The Channel logo

News

By | Bob Tarzey 30th November 2007 07:02

Going green is good, but is it secure?

Zero carbon doesn't have to mean vulnerable

Quocirca's changing channels The environmental impact of IT is an issue under much scrutiny recently, but not much thought seems to have been given to the security consequences of "going green".

Having thought it over, Quocirca has come up with an answer. There are two broad themes that affect the job of chief information security officers (CISOs) if businesses are serious about greening their use of IT.

The first is a positive one: on the whole more IT infrastructure should end up housed in more resilient and secure data centres; the second is more negative - from the CISOs view point at least - businesses will have to accept, indeed embrace, even more open and flexible use of IT, often requiring access over the internet.

Greening IT requires three issues to be addressed: facilities, infrastructure, and usage.

Facilities

By facilities we mean the locations where IT is used – data centres, offices, and in the field. The latter two are harder to control, but a data centre has the potential to be managed very efficiently, where there is a will.

Twenty-first century data centre design is all about efficiency, and fortunately that can also mean green. Efficient cooling, minimising energy requirements, and reuse of heat have been covered in other articles by Quocirca. All save power costs and reduce CO2 emissions. A lower carbon footprint is good – but what about zero carbon?

To be clear, zero carbon is different from carbon neutral. It means deriving all energy requirements from sustainable power sources, not just offsetting those of dirty power derived from fossil fuels – coal, oil, and gas. Putting nuclear power to one side for now, this means hydro, wind, solar, tidal, and geothermal power. Making use of such power sources is already a reality.

Google is building new data centres in remote locations near hydroelectric schemes. Yahoo! is talking about locations such as Switzerland and Iceland. UK co-location provider Centrinet has a carbon zero data centre in remote and windy Lincolnshire. These data centres are located close to power generation as it is more efficient to transmit data than electricity and there is less competition from other human activity. In the future, who knows, solar powered data centres in the Sahara?

This is all possible, but the remoteness of such zero carbon power generation locations makes them a long way from users. So while such locations are quite easy to make physically secure and will provide a resilient infrastructure for housing IT, the data they generate will have to be transmitted over long distances. For reasons we shall come to, this journey will often be over the internet.

Infrastructure

Great, so long-term there is potential to make data centres zero carbon. There has also been much coverage of how to make the infrastructure it's housed within more efficient using consolidation, virtualisation, and so on. But surely there is as much power used by IT infrastructure scattered around offices and carried by employees in the field. Not much can be done about that, surely? Well yes, quite a bit actually.

First, power management applications can help in offices, although in the field you have to rely pretty much on the common sense of employees (often problematic – agreed). But there is plenty of scope for consolidating infrastructure into the "carbon friendly" data centre.

Many workers only use IT in the office and can be served by thin-client computing or blade PCs run out of data centres, considerably reducing the use of power at the desktop. Branch office computing requirements can also be served out of data centres, reducing power usage and keeping network "heavy lifting" between "clients" and "servers" local to the data centre, rather than across wide area networks (WANs).

Good news for the CISO here – more infrastructure in a secure and controlled environment and less ad hoc access over WANs. For office workers and many branch workers, the network used will be a private one, so not too much extra concern about the remaining network traffic.

To some organisations, getting access to high quality data centre space may sound expensive. But it need not be. First, it is possible to procure such space from co-location providers like Centrinet, Telehouse Europe, or Netcetera, or just rent hardware provided by managed service providers who use co-location facilities like Rackspace or NTT Europe Online.

But an increasingly popular alternative is to turn to software as a service (SaaS) vendors, which provide subscription-based access to applications ranging from CRM (e.g. salesforce.com, NetSuite, RightNow) to IT security (e.g. MessageLabs, Google/Postini, Qualys). All SaaS providers have to use robust well managed data centre facilities to underpin their business model.

Usage

The real security headache for CISOs is around usage outside of the office. This is not so much about what employees do with IT, but the fact that any business going green needs to open its IT infrastructure to a broad spectrum of external users.

Unlike other industries that are lambasted for their CO2 emissions, such as air travel and road transport, IT usage already has the potential to be low or zero carbon. So rather than being an environmental pariah, IT can be used to drive initiatives that green the business in other areas.

Collaborative applications like web and video conferencing are becoming more and more widely used, and while claims that these reduce the overall carbon footprint of a business need to be substantiated, their use is a direct alternative to travel. But such collaboration needs to be with suppliers, customers, and other business partners - not just between employees. This requires open access over the internet.

Business processes such as supply chain management and distribution are increasingly being opened up for direct access by businesses to external entities. This helps ensure the efficiency of the transportation and storage of goods. But again this requires wide ranging access to IT over the internet by third parties.

And then there are employees working flexibly, field service engineers clocking in remotely using handheld devices, sales staff logging orders direct from customers' sites, and call centre workers based in their own homes. All have the potential to make a business greener, especially if the applications themselves are run using low or carbon zero facilities and infrastructure.

So, the greening of IT means housing as much infrastructure as possible in secure data centres that will become increasingly remote and potentially zero carbon – this introduces more control, security and resilience. But it also means providing wide ranging access to applications housed in such facilities, often over an inherently insecure network – the internet.

However, unlike many other activities that are hungry for power, well managed IT has the potential to give more back to the environmentally-aware business than it takes.

Copyright © 2007,

Bob Tarzey is a service director at Quocirca focused on the route to market for IT products and services in Europe. Quocirca (www.quocirca.com) is a UK based perceptional research and analysis firm with expertise in the European and global IT markets.

comment icon Read 3 comments on this article alert Send corrections

Opinion

Chris Mellor

Drives nails forged with Red Hat iron into VCE's coffin
Sleep Cycle iOS app screenshot

Trevor Pott

Forget big-spending globo biz: it's about the consumer... and he's desperate for a nap
Steve Bennet, ex-Symantec CEO

Chris Mellor

Enormo security firm needs to get serious about acquisitions

Features

Windows 8.1 Update  Storeapps Taskbar
Chinese Buffet self-service
Chopping down the phone tree to scrump low-hanging fruit
An original member of the System/360 family announced in 1964, the Model 50 was the most powerful unit in the medium price range.
Big Blue's big $5bn bet adjusted, modified, reduced, back for more
Microsoft CEO Satya Nadella
Redmond needs to discover the mathematics of trust