The list of substantial and incredibly costly data breaches grows every day. Target, Home Depot, Dairy Queen, and Ahold Supermarkets are some of the more well-known examples, but there are literally hundreds of other breaches that get far less attention. It all adds up to a huge problem for IT and data center professionals.

The impact of a breach is so substantial that the real question becomes, “How can I build the best plan to protect my valuable data?”

One of the best answers is to start with independent experts who can help you create a strategy for preventing breaches that is developed specifically for your organization and its needs. Much like snowflakes, the plan for preventing breaches must be unique to the vulnerabilities, compliance demands, and IT infrastructure of each firm. At BRUNS-PAK, we bring decades of experience and the cross-disciplinary knowledge necessary to build an effective plan to help prevent breaches.

In addition, BRUNS-PAK is not a vendor of security products or services that is trying to sell its own offerings, and will “manage” the strategic plan results to ensure recommendation of that solution. We are vendor neutral, and looking out for your best interest. In fact, we’ re so well known as an expert independent party that Gartner, Forrester, and IDC have all met with BRUNS-PAK to discuss this very important issue. This is a testament to the experience and broad knowledge of data center/IT issues that BRUNS-PAK brings to the table.

One of the most important aspects of our security evaluation process is to consider how co-location and cloud service providers can impact your organization. This information is integrated with the evaluation of your traditional on-premise data center. BRUNS-PAK’s holistic approach to security considers all of the issues that might impact your ability to prevent a breach; this is critical to a successful plan.

Getting started is easy. BRUNS-PAK experts will meet with you to develop a consultative approach based on best practices that will drive your ability to prevent breaches. Utilizing BRUNS-PAK’s leading-edge, 16-step approach, which provides a comprehensive framework for strategic data center issues, you’ll benefit from the best thinking in the industry.

Protecting your organization and infrastructure from data breaches is critical. Being protected starts with having the right plan. Too often, vendors are only attempting to justify why you should buy their product. A better approach is to engage BRUNS-PAK, an independent authority that is on your side, to build an effective plan against data breaches. Click here for our white paper on the topic, or you can contact Jackie Porr at 732-248-4455/888-704-1400 ext 111, or jporr@bruns-pak.com

Next In Queue:

We’ ll look at how to effectively eliminate existing and potential hot spots in your data center with BRUNS-PAK expertise and Computational Fluid Dynamics (CFD) analysis.

Funding a data center build, renovation or expansion does not have to mean draining capital resources.

Big Data. Mobile enablement. The knowledge economy. The reasons are myriad, but the impact is singular…data center demand continues to grow in the enterprise, regardless of industry or corporate maturity. Today’s CIO must figure out how to satisfy an increasingly demanding audience of users, seeking access to data across a diversifying array of applications, and do so with continually stretched IT budgets.

In fact, many legacy data center assets are being stressed by power density and distribution constraints, rising cooling costs and complex networking and peak load demand curves. However, retrofitting, upgrading or consolidating multiple legacy, lower performing assets into a newly designed and constructed facility, or constructing large new data center facilities to support enterprise growth, can require significant capital.

At BRUNS-PAK, our proprietary Synthesis2 methodology integrates a structured approach to data center planning and construction that includes rigorous estimation and structured adherence to budget guidelines throughout the project. This discipline has helped us define breakthrough approaches to data center financing driven by operating cash flow instead of capital reserves. This can dramatically expand an organization’s ability to support required IT expansion in the face of rising end user demand.

The basic concept behind OpEx financing is the use of long-established structured finance techniques that leverage the credit rating of investment grade companies (BBB or better) to finance the new assets or improvements on a long term basis. In a retrofit or upgrade scenario where energy savings are anticipated as a result of the project, the financing to provide the capital improvements can be secured by the cash flow generated by reduced energy usage. For a new build scenario, the financing to construct and use the facility can be secured by a well structured, bondable, long-term lease.

To illustrate how this can work, here are two scenarios outlined below for a retrofit and new build:

Scenario 1: Energy Saving Retrofit/Upgrade Financing

Financing an energy efficient retrofit or upgrade to a data center requires a few key considerations:

• The amount of capital required to complete the retrofit or upgrade
• The energy savings that will generated
• The term of those energy savings which often coincides with the obsolescence life of the assets being deployed

Baseline anticipated energy savings are first established through an energy audit to determine the as-is energy costs and plan the target cost profile. The difference between current costs and future costs is presumed to apply to the debt service on the construction. If the actual annual energy savings exceed the annual debt service costs of the underlying financing, the owner or user can keep the positive difference or spread between those streams. For example, if an organization invests in a $50 million upgrade that results in $12.5 million in energy savings per year, here is a basic financing option. First, let’s presume 84 month (7 year) financing at a 7% interest rate. That results in an annual debt service cost of $7.5 million. That $7.5 million is paid from the energy savings, and the organization retains the remaining $5 million in savings. After the financing is repaid, the full energy savings flow to the organization’s bottom line.

An important note in this example…the organization has not outlaid any cash for the construction.

Scenario 2: New Build Financing

For new facility financing, we will take into account a different set of considerations, including:

• The amount of capital and the construction schedule for the facility
• The credit rating of the user
• The desired term that the user will occupy the facility which is used to establish the lease term.

In this scenario, the user will execute what is known as a bondable, net-lease that provides sufficient duration to completely pay back the financing provided. Once again, the user is not required to outlay capital for the construction. Instead, they pay for the facility through lease payments that factor in the term, total construction cost, construction period interest, and the assumed interest rate applied to the project.

For example, assume an investment grade rated company wants to consolidate three existing legacy data centers into a new, state of the art facility that will cost approximately $50 million, but they do not want to tap their capital budget. They are, however, prepared to occupy and pay for annual use of the facility over a 15 year period. If we were to apply a 6% interest rate to this project and assume the hypothetical loan would be repaid ratably over the 15 year lease, the company would pay approximately $5.5 million annually over the lease term, with an option to buy the facility at term end.

The BRUNS-PAK Advantage

Using structured finance techniques to finance long term assets is not limited to these two scenarios discussed. In fact, for organizations with strong credit ratings, there are practically endless ways to structure a capital efficient transaction for data center facilities. As noted earlier, BRUNS-PAK’s track record for accurate estimation of facility construction costs and long-standing history of on-budget project completion, have become powerful assets when discussing OpEx solutions.

With over 5,500 customers in all industry, government and academic sectors, BRUNS-PAK’s proven process has helped us line up multiple sources for structured financing that we can introduce into project plans to ensure that you can plan and implement a program that effectively supports your current and future IT infrastructure demands.

In rapidly evolving markets, bigger is not always better. Is your data center designed for efficiency?

The aggressive efforts of DISA, the Defense Information Systems Agency, to rationalize and consolidate mission-critical data center facilities has put a spotlight on the challenges of planning a data center infrastructure that is reliable, resilient, responsive, secure and efficient at the same time, from both an energy utilization and financial perspective. It is easy to criticize DISA’s efforts as emblematic of government inefficiency, but that would be an unfair assessment, as there are plenty of equally egregious commercial examples of overbuilding (and underbuilding) in the data center space. Especially in the current hybrid architecture marketplace, designing a data center facility to effectively and efficiently meet both current and anticipated needs takes careful planning and expert engineering.

At BRUNS-PAK, we believe that part of the reason so many projects end up misaligned with the demand profile is that both the customer and vendor design/build teams fail to account for the six critical factors that influence efficiency when working at the design phase of the project:

• Reliability
• Redundancy
• Fault Tolerance
• Maintainability
• Right Sizing
• Expandability

How you balance these individual priorities can make all the difference between a cost-effective design and one that eats away at both CAPEX and OPEX budgets with equal ferocity. Here is a quick review of each critical consideration.

Reliability

The data center design community has increasingly acknowledged that workloads, and their attendant service level and security requirements, are potentially the most critical driver in defining data center demands. Workloads dictate the specifics of the IT architecture that the data center must support, and with that, the applicability of cloud/colo services, pod designs, and other design/build options. Before initiating a data center project, having a clear picture of the workloads that the site must support will facilitate accurate definition of reliability for the project.

Redundancy

The goal of redundancy is increased reliability, which is defined as the ability to maintain operation despite the loss of use of one or more critical resources in the data center. Recognizing that all systems eventually fail, how you balance component vs. system-wide redundancy (N+1 vs. 2N, 2N+1, etc.) will significantly reshape the cost/benefit curve. Here, it is important to design for logical and reasonable incident forecasts while balancing mean-time-to-failure and customary mean-time-to-recover considerations.

Fault Tolerance

While major system failures constitute worst-case scenarios that ultrareliable data centers must plan for, far more common are point failures/faults. In order to achieve fault tolerance, data centers must have the ability to withstand a single point-of-failure incident for any single component that could curtail data processing operations. Typically, design for fault tolerance emphasizes large electrical/mechanical components like HVAC or power distribution, as well as IT hardware/software assets and network or telecommunications services, all of which will experience periodic failures. Design for fault tolerance should involve more than simple redundancy. Rather, effective design must balance failover capacities, mean-time-to-repair, repair vs. replace strategies, and seasonal workflow variances to ensure that the data center is able to support service level demands without requiring the installation of excess offline capacity.

Maintainability

When designing a data center facility, a common mistake is failing to account for maintainability. Excess complexity can rapidly add to costs since even redundant systems must be exercised and subjected to preventive maintenance. In fact, planning a consistent preventive maintenance schedule can be one of the most effective contributors to long-term efficiency by reducing the need for overcapacity on many key infrastructure components.

Right-Sizing/Expandability

When properly accounted for, these final two factors work in tandem to help design/build teams create an effective plan for near-term and long-term requirements. Modern design strategies include the use of techniques like modular/pod design or cloud integration that engineer in long-term capacity growth or peak demand response. This means that the team can better ensure that near-term buildout does not deliver excess capacity simply as a buffer against future demand. Engineering teams can readily design modern infrastructure to smoothly scale to meet even the most aggressive growth forecasts.

Treated as a portfolio, these six factors offer the data center design team diverse levers to balance service delivery against cost while ensuring that the final infrastructure can meet demand without breaking the bank, either through initial capital investment, or long-term operating cost.

How BRUNS-PAK Can Help

Over the past two years, BRUNS-PAK has evolved its proprietary design/build approach to incorporate the evolving array of strategies and tools available to data center planning teams, resulting in the BRUNS-PAK Hybrid Efficient Data Center Design program. Through an interactive process that acknowledges both an organization’s IT requirements and the associated facilities infrastructure needs’, this program delivers a strategic approach to addressing the six critical factors influencing efficient data center design while retaining the performance, resilience and reliability needed in enterprise computing environments. Through our expanded consulting services group, and well-established design/build services team, BRUNS-PAK is uniquely positioned to assist customers seeking to create a long-term strategic direction for their data center that satisfies all stakeholders, including end-users, IT and finance.

When Customers Are Involved, Being “Ready for Anything” Takes on New Urgency

Regardless of what industry you operate in, the delivery of “always on,” secure, customer-facing processes and services fundamentally changes the demands on the IT department. Unlike disappointing internal users because of an application outage, failure of externally-facing applications can impact business forecasts, stock price and brand value. For Target, a technology innovator with a long-history of delivering customer value through technology initiatives, consumer confidence eroded and both short and long-term business performance was negatively impacted when hackers infiltrated their credit card processing systems.

Beyond dramatic examples like Target, even short application outages or minor security breaches can have measurable cost implications. According to a Ponemon Institute study, the average per minute cost of data center downtime has risen by 41 percent since 2010, with an average cost per minute of downtime costing approximately $7,000.[i] This is forcing IT to implement entirely new approaches to systems and services that are not just ultrareliable, scalable and dynamic, but also resilient under failure and attack.

Here are five key management strategies for making data center resilience a part of your organizational DNA and enhancing your defense against the negative impacts of unexpected IT incidents:

1.   Reframe the Management Conversation

For years, IT was viewed through an infrastructure lens that focused on empowering internal processes, not external business value. Today, IT management, executive management and directors must all acknowledge IT’s changing role in the organization and focus greater energy on not only addressing immediate term demands, but longer-term business growth and mission-critical risk mitigation issues. Target was an early explorer of embedded chip credit card technology, but was unable to muster the necessary internal and external resources to enable adoption. Decisions on critical IT infrastructure in modern markets must be fully integrated into a broad business strategy context to ensure effectiveness.

2.   Recognize That Resilience is a Journey, Not a Destination

There are many dynamic forces that define IT architecture resilience in modern business: growth impacts demand, security threats are ever-evolving, and risk profiles change with business valuation. That means evaluation of IT resilience must be equally dynamic. From physical data center infrastructure to approaches to DeVops and disaster recovery, planning for and implementing resilient architectures is a continuous process, not a single build-and-deploy project.

3.   Plan for Elasticity

In the week leading up to Christmas 2013, UPS planned to deliver 132 million packages. Unfortunately, demand significantly outstripped that forecast, leading to late deliveries for many high profile e-tailers, including Amazon, and major dissatisfaction with UPS. Thus is the world of customer-facing business processes, where exceeding your wildest dreams of business success can lead to nightmarish end results. For IT, massive capacity bursts need to be built into the plan if resilience objectives are to be consistently met.

4.   The Best Defense is One Grounded in Reality

Reality is that there is no perfect moat to protect IT systems from all cyber threats, natural and man-made disasters, and unforeseen internal incidents. Today, IT systems must be engineered to rapidly react to any incident in order to minimize its impact and/or the time-to-recovery. From foundational infrastructure to self-healing applications and interfaces, resilient environments are the product of planning and architecting for the foreseen…and the unforeseen.

5.   The Data Center is Still the Core of Your IT Infrastructure, Wherever and Whatever Your Data Center Is

Cloud. PODS. Colo. On-Premise. The definition of a ‘data center’ continues to evolve, and for most organizations, a modern data center represents a hybrid architecture that integrates multiple physical architectures and networking strategies. Hybrid architectures can help organizations support services that are massively scalable, ultrareliable, resilient to point failures across hardware and software, risk-managed at-scale, and still cost-efficient and environmentally responsible. Building out an enterprise-class hybrid data center architecture means moving away from old debates about topics like who controls assets toward discussions about how to best broker the continuously evolving portfolio of services needed to satisfy demanding internal and external audiences.

How BRUNS-PAK Can Help

Over the past two years, BRUNS-PAK has evolved its proprietary design/build methodologies to integrate the evolving array of strategies and tools available to data center planning teams, resulting in the BRUNS-PAK Hybrid Efficient Data Center Design program. Through an iterative process that acknowledges both rapidly changing IT requirements and their associated facilities infrastructure needs, this program delivers a strategic approach to addressing the key management levers influencing resilient data center design. Through our expanded consulting services group, and well-established design/build services team, BRUNS-PAK is uniquely positioned to assist customers seeking to create a long-term strategic direction for their data center that ensures an infrastructure able to support real-world demands in the age of customer-centricity.

[1] Emerson Electric/Ponemon Institute “2013 Study on Data Center Outages” 09/2013.  http://www.emersonnetworkpower.com/documents/en-us/brands/liebert/documents/white%20papers/2013_emerson_data_center_outages_sl-24679.pdf

Cornerstone concepts to support cybersecurity

While working on a recent project, we came across a newsletter authored by Deb Frincke, then Chief Scientist of Cybersecurity Research for the National Security Division at the Pacific Northwest National Lab in Seattle, which outlined her team’s initiatives for “innovative and proactive science and technology to prevent and counter acts of terror, or malice intended to disrupt the nation’s digital infrastructures.” In cybersecurity, the acknowledged wisdom is that there is no “perfect defense” to prevent a successful cyberattack. Dr. Frincke’s framework defined four cornerstone concepts for architecting effective cybersecurity practices:

• Predictive Defense through use of models, simulations, and behavior analyses to better understand potential threats
• Adaptive Systems that support a scalable, self-defending infrastructure
• Trustworthy Engineering that acknowledges the risks of “weakest links” in complex architecture, the challenges of conflicting stakeholder goals, and the process requirements of sequential buildouts
• Cyber Analytics to provide advanced insights and support for iterative improvement

In this framework, the four cornerstones operate interactively to support a cybersecurity fabric that can address the continuously changing face of cyber threats in today’s world.

If you are a CIO with responsibility for an enterprise data center, you may quickly see that these same cornerstone principles provide an exceptional starting point for planning a resilient data center environment, especially with current generation hybrid architectures. Historically, the IT community has looked at data center reliability through the lens of preventive defense…in the data center, often measured through parameters like 2N, 2N+1, etc redundancy.

However, as the definition of the data center expands beyond the scope of internally managed hardware/software into the integration of modular platforms and cloud services, simple redundancy calculations become only one factor in defining resilience. In this world, Dr. Frincke’s four-part framework provides a valuable starting point for defining a more comprehensive approach to resilience in the modern data center. Let’s look at how these principles can be applied.

Predictive Defense: We believe the starting point for any resilient architecture is comprehensive planning that incorporates modeling (including spatial, CFD, and network traffic) and dynamic utilization simulations for both current and future growth projections to help visualize operations before initiating a project. Current generation software supports extremely rich exploration of data center dynamics to minimize future risks and operational limitations.

Adaptive Systems: Recently, Netflix has earned recognition for its novel use of resilience tools for testing the company’s ability to survive failures and operating abnormalities. The company’s Simian Army, consisting of services (monkeys) that unleash failures on their systems to test how adaptive their environment actually is. These tools, including Chaos Monkey, Janitor Monkey and Conformity Monkey, demonstrate the importance of adaptivity in a world where no team can accurately predict all possible occurrences, and where unanticipated consequence of a failure anywhere in a complex network of hardware fabrics can lead to cascading failures. The data center community needs to challenge itself to find similar means for testing adaptivity in modern hybrid architectures if it is to rise to the challenge of ultrareliability as current scale.

Trustworthy Engineering: Another hallmark of cybersecurity is the understanding that the greatest threats often lie inside the enterprise with disgruntled employees, or simply as a result of human error. Similarly, in modern data center design, tracking a careful path that iteratively builds out the environment while checking off compliance benchmarks and ‘trustworthiness’ at each decision point, becomes a critical step in avoiding the creation of a hybrid house-of-cards.

Analytics: With data center infrastructure management (DCIM) tools becoming more sophisticated, and with advancing integration between facilities measurement and IT systems measurement platforms, the availability of robust data for informing ongoing decision-making in the data center is now possible. No longer is resilient data center architecture just about the building and infrastructure. So, operating by ‘feel’ or ‘experience’ is inadequate. Big data now really must be part of the data center management protocol.

By leveraging these four cornerstone concepts, we believe IT management can begin to frame a more complete, and by extension, robust plan for resiliency when developing data center architectures that bridge the wide array of deployment options in use today. This introduction provides a starting point for ways to use the framework, but we believe that further exploration by data center teams from various industries will create a richer pool of data and ideas that can advance the process for all teams.

How BRUNS-PAK Can Help

Over the past 35 years, BRUNS-PAK has evolved its proprietary design/build methodologies to integrate the evolving array of strategies and tools available to data center planning teams, resulting in the BRUNS-PAK Hybrid Efficient Data Center Design program. Through an iterative process that acknowledges both rapidly changing IT requirements and their associated facilities infrastructure needs, this program delivers a strategic approach to addressing the evolving capacity and complex networking requirements created by the explosive growth in mobile data traffic. Through our expanded consulting services group, and well-established design/build services team, we can help you leverage concepts like this resiliency framework to construct your plans for effective data center deployment, whatever size data center you operate.

REFERENCES

Frincke, Deborah, “I4 Newsletter”, Pacific Northwest National Laboratory, Spring-Summer 2009.