The resilience of your Data Center: key for your business continuity

The resilience of your Data Center: key for your business continuity
By EBRC 05/01/2023
Banking, Insurance & Fintech
Health & Life Sciences
Public Sector & European Institutions
Defense & Space
Technology & Software Providers
Energy, Logistics & Industry

In its latest study entitled "Global Data Center Survey 2022, Resiliency remains critical in a volatile world", Uptime Institute reports that service interruptions are still caused by the power supply in 44% of cases (Source: Uptime Institute Resource Page - Uptime Institute). This figure may come as a surprise in 2022, as the continuity of the power supply and the air-conditioning of the rooms are the "basic" services that one would expect from a Data Centre. However, these are not the only risks that can affect a Data Center: floods, cyberattacks, air crashes, loss of personnel in the event of a pandemic, terrorist attacks, nuclear accidents, etc… or even the management of activities in wartime. In "extreme" situations, only Data Center providers which are best prepared and able to reorganise themselves according to the context, i.e. have a business continuity plan and are able to apply it, will be able to meet their service commitments. As a client of an IT hosting provider / Data Centre service provider, you should closely investigate the provider’s overall resilience.

Resilience: from a concept to a standard

The term resilience has been borrowed from science where it describes the ability of materials to return to their original form without alteration after a shock or continuous pressure. This term was borrowed from medicine too where it describes the ability of individuals or groups to overcome trauma. Applied to the economic world, resilience refers to the capacity of a system or organisation to absorb a shock, crisis or event that will impact its functioning temporarily but without stopping its activity durably, in order to return as quickly as possible to a normal state. 
It is the ISO 22301 standard: 2019 - Security and resilience - Business continuity management systems - that specifies the requirements to be implemented " protect against, reduce the likelihood of, prepare for, respond to, and recover from disruptions when they occur." (Source As with security, resilience requires a cross-functional approach across all business activities. Adopting a resilience/ISO 22301 approach requires a complete analysis of the company's ecosystem: its environment, its suppliers and its internal services.

By definition, a Data Center must be resilient insofar as its mission is to ensure the optimal functioning of its users' IT infrastructures in all circumstances. Its design and equipment must therefore be designed to ensure its mission. But there are many other aspects to consider when assessing the level of resilience. 

Data Centers: a key component of resilience and business continuity

In a digital economy, Data Centers concentrate and protect the vital needs of companies to manage and process their information flows (supply management, orders, invoicing, etc.). Because IT plays such a central role, it is now vital to ensure its continuous operation and transparency for users. 

In order to ensure the smooth running of the IT infrastructures they host, the primary objective of Data Centers is the continuity of the power supply as well as a stable temperature in the computer rooms. Power supply and air conditioning are two of the main services governed by SLAs: availability rate for power and the maximum temperature not to be exceeded for air conditioning. Based on redundancy levels ensuring the equipment back-up, the Uptime Institute defined Tier I to Tier IV standards (with Tier IV being the highest level), thus providing a standardised framework. Tier IV certification is the first indicator to consider and assess whether a Data Center will be in the position to operate, should it be impacted by some failures. The Uptime Institute goes even further with two levels of certification: "Design", validating the Data Center meets the specifications for Tier I, II, III or IV, and "Facility", obtained after the installation has been tested. 

Data Center and resilience: A global approach is mandatory when it comes to risk assessment

However, there are many other risks that can impact a Data Center. The geographical location can expose the Data Centre to natural hazards: earthquakes, floods, tidal waves, typhoons or tornadoes, etc. Some building zones near rivers or coasts can experience exceptional flooding once or twice a century. Geopolitical risk for a conflict or tension zone should also be considered. Let’s not forget about the regulations in force in the data centre’s country. All of these exogenous risks to the Data Center must be considered and put into perspective with the business challenges before choosing the data centre. 

Finally, the quality of the Data Center operator is of considerable importance, i.e. its reliability, financial stability and shareholding. Similarly, given the sensitive nature of the data hosting business, certifications related to the requirements of the client's business should also be checked. The ISO 27001 and ISO 22301 certifications respectively concerning information security and business continuity ensure the operator hosting and operating the data has a good level of resilience. Both certifications are thus a prerequisite. They may be completed by other certifications or status related to the client's activity or business: PCI DSS (VISA-Mastercard payments) or defence and governmental projects.

Resilient Data Centers: Instructions for use

Data hosting has become a mature industry, having structured its services on the basis of certifications and regulations to create the necessary framework of trust for a sensitive activity. This makes it easier for clients to pre-select their provider based on their needs in relation to the service being delivered and thus better assess value for money. 

To sum up, resilience in the data hosting sector is governed by the ISO 22301 standard which, combined with Tier certifications, establishes a level of service quality defined on the basis of open, measurable criteria and certified by independent bodies. These certifications ensure the level of performance of the Data Centre. For the hosting service provider, these certifications are a reflection of its maturity as far as risk management is concerned. In addition to certifications, visiting the data centre and meeting the teams will help you assess whether the hosting provider offers the level of resilience you require.

Information you need to know to choose your Data Centre

1/ Identify the Data Center service provider

Moving your data to a Data Center is a big decision that will impact your business for years to come. Take an interest in the life of the company: 

  • Shareholding, turnover,
  • Who owns the Data Center? Is the service provider the owner and/or operator of the Data Center?
  • What is its strategy?
  • Will you be able to easily get additional space in the same Data Center if needed?

2/ Where is your Data Center located? 

The aim is to map the main risks that could affect the operation of the Data Center: 

  • A climatic risk (heat, flooding, earthquake)? 
  • Is the country economically and politically stable? If possible, visit the country.
  • Check the legislation and regulations in force and their impact on your activity.

3/ Check the certifications of the Data Center and of the company that manages it

A certification establishes a level of service quality and requirements. The Tier certification of the Uptime Institute (an independent American organisation) is a standard. The "tiers" range from I to IV. Data Centers certified as Tier IV are qualified as "fault tolerant" and, thanks to the redundancy of their equipment, can approach "zero fault" and thus achieve an availability of up to 100%. 

Also look into certifications such as ISO27001 and ISO22301 (security and resilience) or business-specific certifications such as PCI DSS (for payments via Visa or Mastercard).

4/ Is your Data Center provider able to support your projects with other services?

Some IT operators offer a "one-stop-shop" model. Meaning, in addition to the services dedicated to Data Centers, your provider can support you on other subjects (e.g. Cloud, Resilience or Advisory). By knowing your hosting needs, your partner can offer you a 360° view of the entire IT value chain. 

5/ Meet the teams and ask to contact an existing client

Every business has its own requirements, so make sure your service provider knows your sector of activity.

Meet the teams and ask to visit the infrastructure in person. You will then be able to see for yourself which physical security measures have been implemented in the Data Center.

Assess the reputation of the Data Center operator.

Learn more about our Trusted Data Center Services

Visit our Data Center in video