A data center guideline for quoted companies: a call to action for FSMA?

1-enquete-disaster-recoveryA survey of Belgian, quoted companies that LCL ordered, showed that data security is not seen as essential within IT governance, not even with quoted companies.

One of our clients, a health care company, chose to work with us after their government control body said it was no option to work with only one data center.

In case of a disaster, you risk losing absolutely all your data. After your power shuts down, your company does too.

If you really want to be safe, at least 25 km should separate both data centers.

 

Moreover, best practices dictate that one should separate the development environment from the production systems.

What are the odds that the current mentality – we all trust that all will go well – will change in the short term?

Only a minority of companies interviewed said they were planning to set up a second data center.

2nd dc?

distance between dc's?

 

If we really want change, it will have to be directed by the stock exchange control body: FSMA.

So, in the best interest of our Belgian quoted companies, for the sake of their business continuity and employment – not to mention the shareholders who want return on their investment; data loss will almost certainly cause share devaluation – we call upon FSMA to issue a new guideline for quoted companies.

A guideline pushing quoted companies to have a second data center, and to either thoroughly test all back-up systems, including power backup, or to confide in a party that does just that for them. It’s a pain in the lower back part, but people will not move unless they have to.

Laurens van Reijen, Managing Director LCL

Data security doesn’t really seem to be a priority…

1-enquete-disaster-recoveryA survey of Belgian, quoted companies, commissioned by LCL, shows that only 3% of the targeted companies ever test their power backup systems by actually turning off the electricity. Meaning that they will only learn whether or not the power backup systems work when there is a power cut. That’s like buying skis and not trying them on before you actually hit the snow. Or going hiking with brand new boots, straight from your favourite online shop. The only guaranteed result is sore feet.

We’ve all read and heard what deficient power backup systems can lead to. Remember the power cut at Eurocontrol? The business world couldn’t believe the company shut down just like that, by lack of well functioning backup systems.

We knew that many companies are only theoretically prepared for the worst-case power scenarios. But we never expected it to be that many. 97% of the companies plug their power backup and pray; that’s like: as good as everybody. In France, they expect to have an electricity shortage of 5 GW next week. Knowing that we generally import electricity from France, next week could represent a live test for the companies concerned…

Another astonishing fact is that 53% of the surveyed companies doesn’t have a second data center. Meaning, that in case of any disaster, not just a power cut, they have a big problem. More over: only a minority of companies interviewed said they were planning to set up a second data center.

This shows that data security is not seen as essential within IT governance, not even with quoted companies. How many Board members are aware that data security is taken so lightly in their company? More and more, ICT is on the Board’s agenda, and rightly so. All we need to do now, is educate Board members so that they can evaluate the security systems in their company/ies, and make sure that they really are as safe as they should be.

Laurens van Reijen, Managing Director LCL