... News ... Blog ...

Fire at the OVH data center and risk management issues

Fire at the OVH data center and risk management issues
DEAC | 18.06.2021

In March 2021, nearly 36 million websites and online services crashed due to a fire at the OVHCloud data center in Strasbourg. The incident caused serious reputational and economic damage, and at the same time made experts think once again about protecting data centers and customers from possible threats.

Experts from Deloitte have predicted that in the next one or two years businesses will be increasingly focusing on the expansion of server capacities, in view of the ongoing and enhancing migration to the cloud. This is not only related to the aftermath of the Covid-19 pandemic, which has forced many to switch to remote work, but also to some draft legislation intended to facilitate the digitalization of the economy.

IT Risk Management Issues DEAC

This transformation of the IT systems causes corporations to face new challenges:

  • disruptions in the operation of the infrastructure due to an accident at the data center;
  • hacking actions of intruders trying to gain access to confidential data through loopholes in remote workplaces;
  • accidents, human-induced disasters, lockdowns and geopolitics affecting the operation of the data centers.

Businesses need to remain mobile and have access to scalable solutions, while simultaneously ensuring the protection and security of their information. The balance in carrying out the tasks can be found by modernizing the IT infrastructures in line with current realities.

Accident loss mitigation measures

The fire and the destruction of the data center in Strasbourg were not isolated incidents regarding the break-down of operations of large data centers. And about 80% of incidents are not related to the operation of the equipment. The reason is a fire outside the server rooms: on the roof or in the adjacent corridors. And what is most concerning is that in most cases the data center team does not know how to react to what happened, and the PPC fire security system is only designed to extinguish fire in the server rooms. In attics, where the fire can break out, there are often no fire extinguishing facilities whatsoever.

And any disruption in the operation is a painful blow to a business. Users are not interested in why they cannot access an app, retrieve a required certificate or play a favorite game. As a result, the users are unhappy, and businesses suffer reputational loss and financial damage, mainly due to the outflow of customers.

In order to minimize such negative consequences, when developing their models of sustainable operation, companies that place their services in data centers must take the possible risks into account. Of no less importance is the development of DRPs or so-called disaster recovery plans.

Still, to simply create an algorithm operational in the case of a failure is not sufficient. Such disaster recovery plan must be constantly updated so that the business remains fully prepared for any type of risk throughout its entire life time. Businesses should not underestimate DRaaS-solutions that create copies of servers that are vital in the case of emergency disruption in operation. Utilization of a reserve data center in Europe and the most timely back-up services on the cloud is increasingly becoming an efficient solution.

In order to be able to minimize the risks of a crash of the IT infrastructure, it is important to follow these simple guidelines.

  1. Be careful in choosing your providers and the disaster recovery plan for placing your data. Inquire about the fail-safe guarantees provided, inquire about the protection systems used and solutions designed to accelerate the recovery process.
  2. Conduct audits and stock-taking of critical assets. This will help you to identify the weaknesses and pass the required preventive measures.
  3. Introduce information security measures. Such measures can be considered to include standards and internal procedures aimed at ensuring the stability of the IT infrastructure, disaster recovery plans.

To be able to develop a clear algorithm of actions that will provide comprehensive protection against a range of threats, every entity needs to carry out a thorough analysis of the current situation, and a high level of qualification in the field of existing IT solutions is required. In the case of any difficulties one is more than welcome to apply to the experts of DEAC who are ready to select the best available arrangement to minimize any risk.