Cloudscene covers Switch’s recent announcement and reviews the need-to-know certifications for the modern data center.
Leading US data center operator, Switch, has announced plans to introduce a new data center standard that it claims will replace existing ratings systems which have failed to innovate or adjust to the evolving and expanding data center industry.
Previously a prominent user and supporter of the Uptime Institute’s certifications, Switch has developed a proprietary Tier 5 standard that it states is more comprehensive and rigorous than Uptime’s four-tier rating system.
Formulated with the guidance of former employees and co-creators at Uptime, the new standard will evaluate facilities based on over 30 additional criteria, including power storage redundancy, water protection, detection of airborne pollutants, physical security, multiple network carrier diversity and the ability to operate cooling systems indefinitely without water.
In a seemingly competitive move, Switch intends to launch an independent non-profit body, entitled the Data Center Standards Foundation, to control how data center operators use Tier 5 and to defend the certification against misrepresentation by operators. Switch has boldly claimed that Uptime has inadequately enforced its certification and also suggested that the Uptime system lacks impartiality, because it is a for-profit with its core revenue derived from certification offerings.
Uptime’s president, Lee Kirby, defended his organization, stating that Uptime’s mission as an unbiased advisory body is to empower operators to better design, build, maintain and optimize their infrastructure. Kirby also pointed out that the Uptime Institute has certified over 1,000 data centers across 85 countries over the past two decades and that his organization continues to grow, expand and innovate.
Cloudscene’s Senior Marketing Manager, Renee Harper, spoke with Uptime’s Managing Director – South Asia, John Duffin, to discuss Switch’s claims.
“Certification is a minefield… and there are data center operators out there that will claim they’re Uptime certified when they’re not. Some will claim they’re facility certified, when they’re only design certified. This is quite common.”
Mr Duffin made it clear that if enterprises ask the right questions and take the time to investigate an operator’s claims, the correct information can be obtained very easily. Uptime publishes all tier certification customers on its website.
The organization also makes every attempt to reach out to operators who may be making false certification claims to their customers, in their marketing collateral and even in press releases. However, it is difficult to enforce this legally in certain countries and this has made “policing” and taking action against all instances of misrepresentation impossible.
Mr Duffin also added that there are many enterprises under the impression they are certified for other industry standards when in fact there is no such certification.
“It’s important to consider the difference between a standard and a guideline, and the difference between conformance and compliance. Enterprises can read best practices, be influenced and be guided by them, but it doesn’t make it a standard. And it doesn’t mean you can be certified against it.”
Mr Duffin also stated that 451 and Uptime are run entirely independently of each other and that the relationship between the two entities would have more impartiality than Switch, given that Switch is itself a data center operator. Despite Switch having a separate standards body, Mr Duffin believes it’s unlikely anyone would share their IP with a competitor.
With this announcement grabbing headlines this month, we’ve taken the opportunity to review the need-to-know certifications and standards in the data center industry today:
The Uptime Institute is an independent advisory body focused on improving the critical infrastructure that supports the global information economy. Uptime’s Tier Classification System provides a consistent method of evaluating data center availability and performance. There are four classifications, each aligned with a specific business function and establishing appropriate criteria for power, cooling, maintenance and fault tolerance. Tiers are progressive, with each tier incorporating the requirements of all lower tiers. Tier I and Tier II are typically selected by organizations that don’t rely primarily on real-time delivery of products or services. Tier III and Tier IV sites are selected by organizations with more rigorous uptime requirements, where the dollar cost of disruption is significant.
Leadership in Energy and Environmental Design (LEED) is considered one of the world’s most popular ‘green building’ certification programs. Developed by the US Green Building Council, LEED consists of a set of Silver, Gold and Platinum rating certifications for the design, construction, operation and maintenance of environmentally responsible buildings. Characteristics of a LEED certified data center might include energy-efficient cooling systems, reduced power consumption, renewable energy sources and sustainable design and construction. LEED doesn’t force operators to use specific methods, but instead offers various credit categories with prerequisites that the data center may satisfy. The number of points accumulated through these credit categories determines the LEED certification level.
The Payment Card Industry Data Security Standards (PCI DSS) safeguard any cardholder information that is processed, transmitted or stored by merchants and processors. Compliance is mandatory for any business that accepts card payments. The standard specifies twelve requirements covering various business processes and security technologies, and reflecting best practices for securing sensitive data. The framework of specifications, tools and measurements is designed to help businesses guarantee the safe use of cardholder data, including prevention, detection and handling of security incidents. PCI DSS compliance involves a process of continuous assessment and remediation to ensure cardholder safety. The Security Standards Council encourages merchants, service providers and processors to implement a holistic strategy focusing on the overall intent of the PCI DSS requirements, rather than addressing only one or a few of the elements.
ISO 27001 and ISO 9001
The ISO 27000 family of standards helps organizations to manage the security of assets such as intellectual property, employee details, financial data, or information provided by third parties. ISO 27001 describes the requirements for an Information Security Management System, which is a systematic risk-management approach to securing business processes, personnel and data. The ISO 9000 family of standards provides tools and guidance for organizations that wish to ensure their products and services meet customer expectations, with continuous quality improvement. ISO 9001 establishes criteria for a quality management system, including customer focus, the motivation of top management, the process approach and consistent improvement. More than a million global businesses are ISO 9001 certified.
SOC1 and SOC2
Companies that provide services to other entities may need to provide assurance that their services are designed, operated and controlled effectively. One way to assure this is by undertaking a Service Organization Control (SOC) audit. The standard is managed by the American Institute of Certified Public Accountants. A SOC1 report covers any business processes, policies, personnel or IT controls relevant to an organization’s financial reporting. A SOC2 report is designed for technology companies such as data centers, IT managed services, SaaS vendors and cloud-computing businesses. It addresses an organization’s operations and compliance controls in relation to five Trust Services Principles – security, processing integrity, availability, privacy and confidentiality.
Open-IX is a self-regulated community that fosters the development of critical Data Center and IXP technical and operating standards. The OIX Data Center Technical Standards document establishes recommended standards for Data Centers to support IXPs (Internet Exchange Providers). Applicants for approval under the standard include Data Center Providers, Building Owners and Meet-Me Room Operators. An OIX-approved data center must offer non-discriminatory access to any OIX-approved IXP.
ANSI/TIA-942 is an American National Standard that specifies minimum requirements for single-tenant and multi-tenant data centers. The Telecommunications Industry Association standard covers all physical infrastructure including electrical design, telecommunications and network architecture, environmental controls, system redundancy, power management, fire/flood safety and other security requirements.
The National Australian Built Environment Rating System (NABERS) measures the environmental performance of buildings and homes, including energy efficiency, carbon footprint, water usage, waste management and indoor environment quality. It does this by evaluating various criteria (for example, utility bills or a waste audit) to determine a rating from one to six stars, relative to the building’s market peers. A 6-star rating indicates market-leading performance and ratings remain valid for twelve months. For over a decade, NABERS has helped Australian property owners, managers and tenants to improve their environmental performance, reap financial benefits, and boost their reputations. This has led to Australian property companies being acknowledged as some of the greenest in the world.