When it comes to determining whether an in-house data center, colocation, containers, the cloud or some mix works best for your company, a broad array of factors must be considered when calculating the Total Cost of Ownership for each scenario.
However, as Mark Evanko of BRUNS-PAK told attendees at Data Center World on Monday, it’s no longer just about facilities infrastructure, energy efficiency, migration, network costs, or computer hardware and software, to name just a few. In the face of growing data breaches and security flaws, data center managers must also put a price tag on the costs of keeping data safe and liability issues should one occur.
That means before doing all of the other legwork for calculating TCO, a thorough inventory and prioritization of the types of data being processed needs to happen, said Evanko. If most of your data falls into the critical category i.e. health, top secret, financial, tax records/social security, research, or academic records, costs to employ a security plan or repair your company’s reputation post-breach could easily be a multi-million dollar endeavor.
If your data is mostly non critical in nature, such as social media, search engines, iTunes, surveys, maps or non-sensitive market data, a breach might be more of an inconvenience than a blemish on your company’s reputation or a costly lawsuit.
“I am not against colocation or cloud,” Evanko said. “It’s right for a temporary app or non-critical data, but maybe you should keep the ‘crown jewels’ at home.”
Liability has become a huge issue in the face of recent, highly publicized breaches on the IRS, Anthem Health, JPMorgan Chase, Target, Home Depot, and even presidential Democratic candidate Hillary Clinton.
Target beat a lot of companies to the punch after it paid the US government $10 million to remove liability for the stealing of customers’ records. Evanko estimated that Target permanently lost 5 to 10 percent of its customers as a result of the incident.
Other companies may not get off nearly as easy. There’s legislation brewing that would make organizations far more accountable for breaches of personal information and require them to pay actual damages to individuals, something he thinks will reverse the trend toward cloud and colocation back to in-house.
It’s an issue that is only going to become more complex as time goes on. Evanko posed some interesting questions about liability: “What is the responsibility of a board of directors to stockholders, or trustees of an academic university?”
Those questions have yet to be answered, however, the BRUNS-PAK engineer believes that colos will eventually be slapped with responsibility for stolen data and ensuing ramifications. The current liability of the third-party provider for damages is zero.
“Liability will soon be extended down to the colocation provider along with everybody else that touches that data,” says Evanko. “Most colocation providers don’t automatically cover customers if their data is either stolen or corrupted.”
Should that happen, costs to lease space could rise astronomically. Evanko gave an example of one company upping the price per square foot per month from $35 to $350 when it was told by the client that liability would fall on its shoulders should data be compromised.
Unfortunately, the Identity Theft Resource Center predicts that it’s going to get a whole lot worse—and more expensive—before it gets better. Security breaches were up 20.5 percent last year and are expected to grow significantly over the next two years.
This is clearly an issue that will challenge data center managers for years to come. Evanko suggests that after you make make security a part of the TCO calculation and bring it to the attention of C-level executives, let them make the decision to spend or take the risk.