Monday, October 23, 2017

‘Hopeless data centre industry’ urged to share information before killing outages hit hard

Independent confidential reporting programme of data centre failures and significant incidents globally launches to address failure miscommunication.

The data centre industry has been urged to start reporting incidents information, in a movement that has gained new strength in the wake of British Airways’ data centre PR-fiasco that brought the airliner to a standstill in May this year.

The call has been made by the UK Data Centre Interest Group which has now launched the Data Center Incident Reporting Network (DCIRN), an independent confidential reporting programme of data centre failures and significant incidents globally.

“This is about making data centres safer and more reliable by sharing knowledge,” said Ed Ansett, chairman of i3 Solutions and director at the DCIRN.

During the launch of the programme in London attended by Data Economy, Ansett accused the industry of being “profoundly hopeless” when it comes to sharing information, something that most of the times is not the industry’s fault as he explained. “We are bounded by regulation,” he said.

“It is only a matter of time for governments to step in. We are in a trajectory that our dependence on technology is becoming so profound and important that it is a matter of time until it starts killing people.

“The aviation industry is highly regulated because when they fail they have a heavy impact on society. The government steeped in, and said ‘you will share data’.

“[The DCIRN] is not a name and shame system; we will not point at company X and say they did this. If this works, this probably the most important thing this industry has ever done.”

The group will address three main questions around data centre failures: why did a facility fail and what can the industry learn and how can it prevent from happening again.

Ansett said: “We will start off with just the power cooling side, because we do not know if [the DCIRN] will work. If it works, we will move to the other areas [including servers and storage, networking and applications].”

The reporting process consists of four main processes, each with containing two stages.

First, a “2 stage encrypted” reporting is done to the DCIRN, which in stage one includes the sending of the report to the group’s secretariat and then on to the second stage, where it get authenticated by the secretariat.

The second stage corresponds to “Dis-Identification”, where the secretariat will review the report for anomalies and remove any information that could lead to the identification of the those submitting the report. The dis-identified report is then sent to the Advisory Council.

Thirdly, a technical analysis is carried out by the council, which will determine if the report is suitable. If approved, the Advisory Council is in charge of preparing a Draft Incident Bulletin.

The last part of the process is the “Final Review”. Here, the secretariat reviews the Draft Bulletin for anomalies. Lastly, the secretariat publishes the Bulleting to DCiRN members. Incident Bulletins will be available every three months.

Simon Allen, Membership Secretary at theUK Data Centre Interest Group, told Data Economy: “Learning from mistakes is an inherent and essential human ability – denying the data centre industry this single, most important development channel, is simply absurd. DCIRN will fix this.

“DCIRN is modelled on an initiative called CHIRP set up many yeas ago in the aviation industry to share information on incidents (and near misses) in that industry.

“The elephant in the room is NDAs – folk think they cannot share information because it will infringe the NDA they signed. This is a genuine issue. Eversheds Sutherland and other prominent and respected legal authorities working in the data centre industry have given their opinion – it’s a tricky subject but “If the information is anonymous and the underlying parties / data centre in question truly cannot be identified (and without a risk that a third party could “put 2 and 2 together” and work out which data centre or parties it concerns), this would not have the necessary quality of confidence to be “Confidential Information” under the terms of a typical NDA”.”

Looking ahead, the DCIRN is expected to be converted into a charitable trust, the same path the CHIRP took, in the next year or so, Allen said.