Data security doesn’t really seem to be a priority…

1-enquete-disaster-recoveryA survey of Belgian, quoted companies, commissioned by LCL, shows that only 3% of the targeted companies ever test their power backup systems by actually turning off the electricity. Meaning that they will only learn whether or not the power backup systems work when there is a power cut. That’s like buying skis and not trying them on before you actually hit the snow. Or going hiking with brand new boots, straight from your favourite online shop. The only guaranteed result is sore feet.

We’ve all read and heard what deficient power backup systems can lead to. Remember the power cut at Eurocontrol? The business world couldn’t believe the company shut down just like that, by lack of well functioning backup systems.

We knew that many companies are only theoretically prepared for the worst-case power scenarios. But we never expected it to be that many. 97% of the companies plug their power backup and pray; that’s like: as good as everybody. In France, they expect to have an electricity shortage of 5 GW next week. Knowing that we generally import electricity from France, next week could represent a live test for the companies concerned…

Another astonishing fact is that 53% of the surveyed companies doesn’t have a second data center. Meaning, that in case of any disaster, not just a power cut, they have a big problem. More over: only a minority of companies interviewed said they were planning to set up a second data center.

This shows that data security is not seen as essential within IT governance, not even with quoted companies. How many Board members are aware that data security is taken so lightly in their company? More and more, ICT is on the Board’s agenda, and rightly so. All we need to do now, is educate Board members so that they can evaluate the security systems in their company/ies, and make sure that they really are as safe as they should be.

Laurens van Reijen, Managing Director LCL

The Google wake-up call

Despite common sense, companies still purchase cloud services online with a credit card. Google has done a great branding job – people confide in them because they really want to believe that such a big name is probably amongst the best you can get. Well, it isn’t, so everybody now knows.

Last Thursday, apparently the Google data center in Mons (Bergen) was literally struck by lightning. Days later, an incident report was finally published, and this time the Google cloud clients were struck by lightning. Apparently, there is no business continuity – the ‘backup systems’ didn’t work – no disaster recovery – there is no replication to another data center – in short: no nothing!And they aren’t even from Barcelona, as far as I know. They have batteries, but they didn’t take over, which leaves me to think they have never been properly tested. This is, like, the minimum security one should be able to count on. On top of that, the incident report took days to be published, and, as a journalist informed us, there is no one available to talk to. Great service, don’t you think?

When you start reading the incident report, it gets even worse. It’s really the clients’ fault. Clients should not go for ‘GCE instances and Persistent Disks’ but for ‘GCE snapshots and Google Cloud Storage’. The incident report was specifically for the ‘Google Compute Engine’. So, even as a cloud client, you don’t have the protection of the so-called ‘Google Cloud Storage’? This, also, comes with big publicity budgets and a fancy website promising you heaven in the cloud: you probably sign off any responsibility that could be estimated theirs. Whatever happens, it’s your problem.

A tier 3 data center really means that all elements are ‘concurrently maintainable’. So every single part of our data centers can be shut down, without influencing the uptime of the data center. Google only offers tier 1, meaning that there is a lot less security. They could replicate to one of their other data centers, giving you at least that, but they don’t. The question is whether this would be a good enough solution, even if they would replicate, as there always is a latency – their data centers are far apart.

Whether the power is cut for ten seconds or a day, data loss is inevitable. Backup systems need to be tested – otherwise one can never be sure they really do take over seamlessly. Better yet than to rely on an American public cloud, is to go for a Belgian cloud provider. They are flexible, they work with data centers which are better secured (such as ours), and your data is protected by Belgian law. Some of our clients – cloud providers – are Combell, Evonet, Nucleus, Proact and RealDolmen. We like to advice our corporate and government customers and pass on leads to our systems integration and cloud infrastructure clients – that is one of our extra services. Contact me whenever, to discuss the best solution or an innovative idea for your company!

Want to read more about this? Have a look at our press statement:
French article
Dutch article

Laurens Van Reijen
CEO of LCL