Earlier this month, a couple of guys released a free app for the iPhone that they billed as “Snapchat for business.” The app, Confide, is intended to send messages secretly, doesn’t allow people to read over your shoulder or let you take a screenshot, and deletes the messages after they’re read. Moreover, the company uses end-to-end encryption, meaning it can’t read the messages, either, and the messages are never stored on the company’s servers. (Here’s a very detailed description of how it works and looks.)
So what’s wrong with that?
One use case, writes Business Insider, is the recent incident with Gov. Chris Christie in N.J., who’s accused of having his staff shut down part of a bridge as political payback, and where the staff had email messages incriminating them in this. “Now, if Christie’s aide had used Confide, this wouldn’t be happening,” Jay Yarow writes brightly.
And he thinks this is a good thing?
We’ve certainly seen many examples of government officials erasing messages, using personal email addresses, and otherwise trying to evade proper oversight by the people. If government officials could send email without fear that the messages could be retrieved later, what do we think could happen?
It’s not just in government that this app should scare us. It’s with corporations as well. Numerous legal cases, such as Apple-Samsung, have hinged on incriminating email messages. Moreover, there’s all sorts of regulatory, audit, and accountability issues that could be evaded with this app, writes Bloomberg Business Week.
“Companies face heavy regulatory pressure to preserve—not destroy—business e-mails, financial records, and other documents,” writes Sarah Frier, noting that Barclays was recently fined $3.75 million for failing to retain electronic documents. “If employees are discussing critical information or creating financial records, those probably need to be retained, says Scott Whitney, vice president of product management at social media compliance consultancy Actiance,” she adds.
What do the Confide developers say about the notion of it being used for nefarious purposes? “As for the possibility that professionals could use Confide to skirt legal duties (such as by-laws that require them to preserve corporate communications),” developer Jon Brod handwaved to GigaOm, “the app is simply a platform and that it would be up to individuals to comply with their obligations.”
Okay, here’s a new way to use memory sticks to spread malware — though to be fair, at least this method doesn’t rely on people being stupid enough to pick up strange thumb drives and stick them in their computers.
In a story that has “Law and Order — ripped from the headlines!” all over it, according to the BBC some bad guys in Germany figured out how to cut holes in an ATM, reach in with a thumb drive running a program, and plug it into the ATM’s USB port, upload the program, remove the thumb drive, plug the hole back up, and then use the program uploaded from the thumb drive, with a 12-digit PIN, to tell the ATM to empty its cash drawer. To show the care with which the bad guys wrote the program, it let them pick the biggest bills first, and it required a code from one of the other bad guys, to ensure that none of the bad guys went rogue and started going freelance. When the machine was empty, it would go back to its usual interface, reported the International Business Times.
Presumably the bad guys show up at night, when there aren’t employees around to hear the sound of dozens of bills going whfft-whfft-whfft out the ATM at once.
Because of the knowledge required to cut into the ATM at the right place, write the program, and plug in the thumb drive (ATMs have USB ports? Who knew? What for?), it’s thought to be an inside job, because they displayed “profound knowledge of the target ATMs.” You think?
Presumably the little program shuts down the ATM’s camera as well, because these bad guys haven’t been caught yet. In fact, we’re not really sure this is exactly how the thing works; the unnamed European bank where this is happening asked for help when ATMs’ cash drawers kept turning up empty, and this is conjecture from investigators. They did discover the little program is called hack.bat, which apparently was a Clue. The program has been found on four ATMs thus far.
Researchers — who asked to remain anonymous — revealed the system in a talk at the Chaos Computing Conference in Hamburg, Germany. (They may be anonymous, but they’re readily visible in the recording, and one of them is female, so it shouldn’t be that hard to figure out who they are.)
We’ve written before about the importance of securing USB ports to keep people from, deliberately or not, using them to download data or infect systems with malware, but using them to zombiefy an ATM is a new one. One presumes that ATM manufacturers will quickly be coming up with ways to secure the USB port. If nothing else, they could spend 75 cents and plug something into them so they’re less accessible. Setting up security cameras that aren’t controlled by the ATM is probably on the list as well.
Interestingly, the ATMs in question run Windows XP — yes, the same one that’s supposed to stop being supported as of April 8. It’s previously been said that the unsupported Windows XP could end up harboring all sorts of viruses after that date, which some people chalked up to Fear, Uncertainty and Doubt sowed by Microsoft to get people to migrate. But the notion of viruses targeting ATMs and teaching them to spew out money is an interesting one.
Naturally, the story is charming hackers of all stripes who are busily exchanging war stories about the insecurity of ATMs — models of which are readily available on eBay for convenient home research.
This raises the question of what other things these days have USB ports in in them, or run Windows XP, that could be exploited. Video poker machines? Candy and cigarette machines? Medical equipment?
Incidentally, security researcher Barnaby Jack, scheduled to give a talk earlier this year on hacking implanted medical equipment — who mysteriously died of unrevealed causes days before his presentation, though Reuters said law enforcement had ruled out foul play — presented at Black Hat in 2010 on exactly how to break into an ATM, including how he used social engineering to gain valuable information about the ATM.
Typically this blog focuses on the intricacies of preserving data, including backups and disaster recovery. However, this time we’re going to talk about destroying it — or, in other words, blowing *&(*&(& up.
The topic has been alluded to before, most recently in the context of the guy who threw a disk drive away and then was trying to figure out a way to find it in the landfill so he could retrieve the up to $7.5 million in Bitcoin from it. It was noted at the time that he could have had a problem with simply throwing away a disk drive in the first place, as the data was still accessible and could have been used for nefarious purposes had it been found, regardless of how much Bitcoin might be on it, and that people getting rid of PCs in the near future might want to be particularly careful because people might be cruising dumps for similar largesse.
This also being the end of the year, typically the end of the budget year when companies buy new equipment, and people get new electronic gadgets for Christmas — particularly for organizations with BYOD policies — means it’s a good time to discuss the proper method of disposing of the old stuff.
A survey last year from Fiberlink, conducted by Harris Interactive, showed the extent of the problem in connection with replaced BYOD devices. “Only 16% had the data professionally wiped from the old device and only 5% had the device securely destroyed,” the report noted. “The majority of respondents, 58%, said they kept the old device, although it remained inactive; 13% turned it over to their service provider; 11% said they donated the device, simply gave it away or threw it in the trash; and 9% did something else with their previous device.”
While there are a number of entertaining ways to destroy disk drives — melting them in acid, setting them on fire with thermite, taking them out to the desert and shooting them (popular here in Idaho) — a number of these methods are apparently not only dangerous but won’t necessarily destroy data on the drives. (Note, for example, that though Adam Lanza reportedly destroyed the hard drives on his computer before his Newton, Conn., shooting rampage, the final report includes information from his computer.)
So how do you get rid of the darn thing?
- Cornell University recommends that disks that will be reused be rewritten three times, following DoD standards, and that disks that are too decrepit to follow this procedure should be physically destroyed by methods such as drilling, hammering, or crushing. “Destroying the logic section of the drive without damaging the platters is insufficient and not recommended,” it cautions.
- In a very thorough 2010 article, Andrew Kelleher, president of Security Engineered Machinery (SEM), a direct supplier of high-security information destruction equipment, recommends a “belt and suspenders” system using at least two methods, such as degaussing the drive with a strong magnet and then shredding it. He also has a lot of contempt for some of the more fanciful methods of disk destruction. “Many so-called methods of destruction border on the insane and unsafe, not to mention the unreliable,” he writes. “Yes, some might be feasible if you have one or two hard drives to dispose of, but even those could pose huge liability risks when done for an employer. If you have time to waste, gloves on your hands, and safety goggles on your eyes, some of these methods might even work. But businesses that have to deal with liability, workplace safety, and the disposal of multiple hard drives should have a problem with these methods, not to mention they are just crazy dangerous! Besides, even if carried out as recommended, most of these measures are far less than 100% effective.”
- Remember to destroy SD cards, SIM cards, and other accoutrements, notes Dark Reading’s Kelly Jackson Higgins.
- Specifically for old ZIP disks, take them apart and run them through the shredder.
Fun as it might be, though, this really isn’t a situation for testing out the new Christmas Glock 9mm. Sorry. Christmas thermite, on the other hand…
Thoughts and prayers with the people of Washington, DC today as they deal with 2-3 inches of snow. Just know that you are in our hearts.
— pourmecoffee (@pourmecoffee) December 10, 2013
Joking aside — yes, admittedly places like Washington, D.C. don’t tend to have snowplows, salt, or people who grew up driving in snow — it’s not a bad idea to have snow on your disaster preparation list just like you would any other sort of emergency, even if you live in an area that doesn’t typically get snow.
In fact, it’s probably even more important to have a snow plan ready if you live in an area that doesn’t typically get snow. If you typically get snow, then the municipality and employees know how to deal with it and drivers have had a bag of kitty litter in the trunk since October.
The federal government has actually been leading the way on offering employees a telework option on snow days, ever since it was shut down for five days in 2010 due to snow. In some ways, it’s actually kind of a bummer for the employee because instead of having the snow day off, they have to work, because they can now work at home. But for the organization or agency, it’s an improvement.
“The federal government, in fact, was one of the early pioneers of telework, with the first push coming during the bird flu pandemic scare in the early 2000s, and the biggest push after the massive 2009-2010 snow storms, dubbed Snowmageddon, that shuttered the federal government for days and led to the Telework Enhancement Act of 2010,” writes the Washington Post earlier this month, the day after the entire federal government shut down due to snow. According to the Office of Personnel Management, the new program now saves the government up to $30 million per day, the Post reports.
The OPM announces early in the morning whether the federal government will be shut down or open later due to bad weather, and gives a time that teleworking employees must be either working or taking time off.
Though the telework program was originally set up for bad weather, employees are now taking advantage of it all the time in some agencies. Up to one-third of the U.S. Department of Agriculture teleworks at any one time, the Post writes.
What do you need to do for your employees to be able to telework during snow days or other inclement weather? Employees will need a computer at home — do they need to provide it, or will the company provide it? They’re also need an Internet connection — again, decide ahead of time who’ll pay for this perk — and whatever sort of security you deem appropriate for a remote worker, such as a virtual private network.
The most important thing is to test the setup ahead of time. 7:45 am on a snowy morning isn’t the time to find out whether the telework setup works — if only because the IT people might be stuck at home, too.
The New York Times published on Friday what we’ve always suspected — that there are agencies in the U.S. federal government that still use floppy disks.
“Every day, The Federal Register, the daily journal of the United States government, publishes on its website and in a thick booklet around 100 executive orders, proclamations, proposed rule changes and other government notices that federal agencies are mandated to submit for public inspection,” writes Jada Smith. “It turns out, however, that the Federal Register employees who take in the information for publication from across the government still receive some of it on the 3.5-inch plastic storage squares that have become all but obsolete in the United States.”
Smith didn’t know which agencies were involved. Thank goodness it’s at least 3 1/2-inch disks, and not 5 1/4-inch (which, incidentally, were designed to be the size of a cocktail napkin because they were invented in a bar), or, Lord preserve us, 8-inch disks.
Surprisingly, Smith mentioned, the Federal Register is not allowed to accept the data on flash drives or SD cards — only floppy disks or CD-ROM. People can also send the information via a secure email system, but it is expensive and not all agencies have upgraded to it, she writes.
Sony quit making 3 1/2-inch floppy disks in 2010, though even then, people were still using them. “The emergence of alternatives such as the CD-RW, which has a storage capacity almost 500 times that of a floppy, and the internet, which enabled swift transfer of floppy-sized files, were effectively its death knell,” wrote the BBC in 2003, when Dell stopped including 3 1/2-inch drives in its equipment. In an era where people store entire movie collections on personal drives and even laptops now come with at least a terabyte, the notion of a disk that could hold maybe one three-minute song is increasingly quaint.
A BBC News piece at the time printed 40 uses people still had for floppy disks — out of more than 1,000 replies. While a number of them were no longer related to their original purpose, ranging from coasters to tiling floors and roofs, a number of responses reported that they were still necessary for the increasingly arcane equipment they were using.
At this point, the biggest problem with 3 1/2-inch disks is likely not the floppy disks themselves but finding working drives on which to read them and machines that still have drivers for the disk drives. In other words, there may be tons of existing data trapped on floppy disks because we no longer have the drives on which to read them — the problem of the “digital dark ages” that we may be facing as an increasing number of historical records end up stored in formats that are often unreadable in ten years or less.
While people are using this as another way to bludgeon the federal government over its lack of IT sophistication, after the healthcare.gov debacle, chances are that commercial companies — up to one-third of which were still running Windows XP as of earlier this year — probably still have a few machines that use floppy disks as well.
A little over two years ago, Samsung and Western Digital each announced 9.5 cm 1 TB hard disk drives, which caused me to say at the time “I want a terabyte on my laptop.”
Now’s the time. I just bought a new laptop (a Lenovo T530 Thinkpad) that has a 1 TB hard drive on it. And it’s not even alone, or the first; Googling for laptops for sale with a terabyte bring up dozens, many of them cheaper than mine.
The funny thing is, now that 1-TB laptops are available, people were trying to talk me out of it.
- I should get one with a big solid state disk instead, because that way it would boot up faster.
- I should just use thumb drives or the cloud instead, because that way my data would be more protected rather than being as vulnerable as the laptop.
- I now have a big (2 TB) Network Attached Storage (NAS) drive, and since I work at home most of the time, why not just use that?
And there’s some truth to all those opinions. I could have gotten my new laptop with a 256 gb solid state drive. And yes, it would probably have been faster. But I worry about the downsides of solid-state drives where, basically, the disk gets tired if it’s written on too much. I’m a writer, I’m writing and deleting and rewriting all the time. I didn’t want to have to worry about the lifetime of my drive.
Using the cloud is fine except what if I don’t have Internet access? No storage. And stories like Nirvanix make me worry about depending on any one company for cloud storage. As it is, I have accounts on all of them. It’s part of what’s kept me away from a Chromebook. I live in Idaho, I’m not in a city all the time, and I don’t always have access to the Internet.
Using the NAS is fine, as long as I’m home, but what if I’m not home? Do I always need access to all my data, every minute? Probably not, but you never know; it’s not unusual for me to refer to something a couple of years ago. Like now, for example.
Maybe I don’t really need that much space, but disk space tends to be the second most important gating factor on my laptop use, after memory. (Chrome doesn’t like it when you have 25 tabs open. Who knew.) Yes, according to Parkinson’s Law, data expands to fill the space available, and no doubt I’ll be complaining before long that I’m running out of space on the terabyte drive, too.
Mostly though, I admit it – I just think it would be cool to know I have a terabyte laptop. It’s not just the size queen aspect. As I’ve mentioned before, I came of age when the first PC I bought cost as much for its 10 MB hard drive as it did for the entire computer. The fact that I can not only have a terabyte of my own, but can carry it around with me, is right up there with jetpacks in terms of things I want in the future.
For me, the future is now. I get it next week.
Except in my research, I see there’s now laptops with 1.5 TB hard disks. Hmmm…….
However bad a day you might have had lately, it can’t compare with that of James Howells.
Howells is the guy from Wales who realized that the hard disk he threw away actually contained a cryptographic key giving him access to Bitcoin – the Internet’s open payment network — worth up to $7.5 million, so now he’s trying to find a way to root through the dump in hopes of finding it.
“Sitting beneath about four feet of garbage in an area of a Welsh landfill the size of a football field sits a fortune — in the form of a computer hard drive that James Howells threw out this summer while cleaning up his workspace,” writes USA Today. “On it: the cryptographic “private key” he needs to access 7,500 Bitcoins. And since the digital currency hit a major milestone yesterday, with a single coin now worth more than $1,000 on the most popular exchange, that tossed hard drive is worth more than $7.5 million.”
So there’s a couple of nuances to that. First of all, the Bitcoin may not *actually* be worth $7.5 mllion. Howells bought the Bitcoin in 2009. Even when he threw the disk drive away earlier this summer, they were worth about $800,000.
“Although Bitcoins have recently become part of the zeitgeist – with Virgin saying it will accept the currency for its Virgin Galactic flights, and central bankers considering its position in finance seriously – Howells generated his in early 2009, when the currency was only known in tech circles,” writes the Guardian. “At that time, a few months after its launch, it was comparatively easy to “mine” the digital currency, effectively creating money by computing: Howells ran a program on his laptop for a week to generate his stash. Nowadays, doing the same would require enormously expensive computing power.”
But just because an individual Bitcoin is worth $1,000 doesn’t mean that he actually may have been able to sell the total for $7.5 million. It’s complicated.
Second of all, Howells could actually have found himself out a lot more than $7.5 million, depending on what else might have been on that disk drive. Throwing away a disk drive with readable data on it? Really?
Periodically, someone discovers that discarded hard disks still have readable data on them. In 2006, a guy bought some hard disks on eBay and discovered all sorts of interesting account information from Idaho Power, a public utility in southwestern Idaho. It turned out that Idaho Power had contracted with a company to destroy 230 hard disks, and the company just put them up on eBay instead. And security experts such as Simson Garfinkel, now Associate Professor at the Naval Postgraduate School in Monterey, Calif., periodically go out and buy hard disks off eBay and Craigslist just to see what sort of interesting stuff people are throwing away.
In 2010, CBS News did a similar report noting that laser printers and photocopiers, too, had hard disks in them that contained data and that people were buying up old printers and finding interesting data on them.
In fact, for the next few months, it might actually be even more of a good idea to be diligent about properly destroying a hard drive. After the news of Howells’ windfall, there may be a sudden surge of interest in discarded hard drives, in case someone else forgot about their Bitcoin trove.
If Howells had destroyed his hard disk properly, he’d still be out the $7.5 million – but at least he wouldn’t be trying to find a way to root through garbage looking for it. (And perhaps he’s better now about doing backups?)
There is one consolation, though – Howells doesn’t have to worry about someone else finding it first. USA Today reports that the city council has said other searchers will be turned away.
Now you’ve gone and infected the International Space Station (ISS).
Eugene Kaspersky, the eponymous founder of the Kaspersky Lab security software company, let drop this little bombshell recently while speaking to the National Press Club in Australia. He said he was told this by “Russian space guys.”
“The space guys from time-to-time are coming with USBs, which are infected. I’m not kidding. I was talking to Russian space guys and they said, ‘yeah, from time-to-time there are viruses on the space station,'” Kaspersky reportedly said.
There’s two things to note about this story:
- While some publications pinned the blame on Russian astronauts specifically, it isn’t actually clear which astronauts did this, and whether they did it on purpose or on accident, as my daughter used to say. Kaspersky’s “Russian space guys” apparently didn’t reveal that detail. Either way, the ISS doesn’t control its USB ports and scan USBs before plugging them into multimillion-dollar things in orbit? Srsly? Didn’t they watch “Independence Day?”
- It isn’t clear exactly what sort of malware has infected the ISS. At various points in time, as least as far back as 2008, it has previously been infected with malware – intended to steal online game passwords. (This is what the astronauts do in their spare time? Play Spacecraft Simulator?) i09 reported receiving email from Kaspersky Lab claiming this incident is actually what he had been referring to, not some nefarious plan to crash the ISS into Manhattan or something.
Oh, and the laptops in question were reportedly running not just Windows, but Windows XP. Oy. Reportedly, the ISS switched to Linux in May, partly to avoid the malware problem. Incidentally, at least in the past, the laptops on the ISS didn’t have virus scanning software. Perhaps they do now? Please?
What is clear is that, despite some reports, the ISS has not been infected with Stuxnet, the virus intended to disable Iranian nuclear facilities. In the same speech, Kaspersky had mentioned that Russian nuclear facilities had been infected with Stuxnet, and non-technical reporters, hearing the words “Stuxnet” and “ISS” in the same speech, got excited and conflated the two.
Even if Stuxnet were found aboard the ISS, it would only be a problem if they were running uranium centrifuges up there, and if they are, we have bigger problems.
All together now:
- Don’t stick strange USB sticks in your ports.
- Control access to the USB drives.
- Scan USB drives before inserting them.
We don’t want to have to tell you this again!
Western Digital announced this week a 6TB disk drive filled with helium. Let the jokes begin.
The technology isn’t new; the company first floated the idea – wups, sorry – a year ago last September. The company said at the time that it didn’t have any specifications but that it would release them – wups, sorry again — when the product was announced.
(In addition, old-timers discussing the announcement recalled that HP had produced a helium-filled drive in the 1970s.)
Well, here it is and here they are, sort of. It’s called the Ultrastar He6 – He being the chemical symbol for helium, get it? It’s 6 TB – hence the 6 – which, incidentally, also makes it the highest capacity 3.5-inch disk drive in the world. The company didn’t say how fast it goes, but Extreme Tech expects it to be 7200 rpm like the air-filled equivalents. And the company still hasn’t said how much the darn thing will cost.
The company said the drives would be particularly suited for “high-density data centers, massive scale-out data centers, containerized data centers, nearline storage applications, bulk storage, and enterprise and data center applications where density and capacity are paramount.” Perhaps for the NSA?
So how is it so much faster and has so much more storage than a standard drive packed in air? Because helium is less dense than air, by a factor of 7, it offers less friction, so the platters can go faster and it can have more of them – that is, up to 7 in a space that typically these days holds 4 or 5. (One can consequently assume that the He7 might be trotting along one of these days.) This also means it needs less power to fight against air’s friction, meaning that it uses 23 percent less power when it’s idle, 49 percent fewer watts per TB, and on the whole runs 4-5 degrees Celsius cooler.
This will add up when you’re a CERN, Netflix, Huawei, or HP – to name a few companies that were said to be testing them — and have a whole warehouse full of the things, notes Arik Hesseldahl of AllThingsD. “Deploying 11 petabytes of storage using current drive technology requires 12 racks and 2,880 hard drives, and about 33 kilowatts of power to run them,” he writes. “With the new helium-based technology, you could do it with eight racks and 1,920 individual drives, and run them on 14 kilowatts. The setup would take up less space, and require fewer cables, too.”
While it’s not as fast as, say, a disk drive in vacuum — and no doubt some enterprising scientist is slaving away at that as we speak to eliminate the problems with that technology — it’ll do for now.
If you’ve already run into articles about this, you might be confused about which vendor we’re actually talking about. Some articles say Western Digital, others say Hitachi, others say HGST. Here’s the deal. Once upon a time, there was a company called IBM with a disk storage business. It wanted to get out of the business, so in 2002 it spun it off – wups, sorry again – where it was purchased by Hitachi, but to keep it separate from Hitachi’s own storage business, it was known as Hitachi Global Storage Technologies (GST). Then, in 2012, Western Digital bought it, but kept it as a separate organization – so it’s the HGST part of Western Digital.
What took so long? While vendors have been toying with the idea of helium-filled drives for 30 years, Western Digital had to find a way to build a sealed case for the thing so all the helium doesn’t leak out (or, as one pedant points out, if air leaks in), like a balloon does after a couple of days. After reportedly working on it for the past ten years, it now has what it calls a patented HelioSeal technology for that – which, incidentally, should also make them immersible. (You first – though speculation is that it would enable them to be used in liquid-cooled facilities. And by the way, would it float? Might be useful for flood zones.)
As it is, it will be interesting to see how sturdy the things are, how long they’ll be able to hold a seal (especially if dropped or jostled), and whether there’s any mechanism to refill it with helium should it slow down.
Not to mention, is there any way to test whether there’s a leak, or do we just check to see if the sysadmins get squeaky voices? If it does leak, do the whole thing squeal to a stop? A commenter to one article, who identified himself as a Western Digital engineer, said that the ones his part of the company were working on had monitors and that they lasted about five years until too much helium leaked out for them to be useful.
The company also didn’t address the issue of the helium shortage that has been a pall on children’s birthday parties for the last couple of years. Or is this the source of the shortage in the first place? Hmmm.
Where were you a year ago? If you were on the East Coast, chances are you were dealing with Hurricane Sandy, a storm that was unprecedented not so much for its size and damage but for the way it seemed to target New York data centers. As we come up on the anniversary, what have we learned?
As you may recall, a number of data centers shut down abruptly due to losing power — which was often situated in the basement. While some companies got generators, others were stymied due to a lack of diesel fuel for them — or having to take diesel fuel up flights of stairs in a bucket brigade. Salt water and other debris also damaged equipment at some data centers.
Companies such as PEER 1 Hosting, which set up the famous bucket brigade, have been talking about what they’ve learned and offering advice to other companies that find themselves in similar situations.
As PEER 1’s Ryan Murphey notes, an important factor is people. “If you can’t ‘staff up’ before the storm, think about how you’ll get additional support to the facility if it’s needed,” he recommends such as by setting up emergency response teams near data centers.”
“Focus on the people, stupid,” agrees Barb Darrow of GigaOm. “Before Sandy, nobody seemed to imagine that highways, tunnels and subways could be out for days on end. Now there have to be plans in place for how personnel can get to the affected area, and for how other personnel can work remotely as effectively as possible.”
Murphey also suggests stocking up on equipment and setting up contracts ahead of time for items such as fuel. For example, the organization now has a pump that can reach the 18th floor, as well as fuel hoses on-site — which fit the generators. And for stored diesel, organizations need to set up filters and other systems to remove any potential water from the fuel, which could keep generators from running, warns Alastair Trower in Data Center Knowledge.
At the same time, Murphey notes that stuff happens and you can’t always count on being able to get what you need when you need it, contracts or no.
Other people and entities are also making preparations. For example, the state of New York is setting up a strategic gasoline reserve of as much as 3 million gallons, though it isn’t clear how much of that would be regular unleaded gasoline for vehicles vs. diesel fuel that could be used in generators. The New York Stock Exchange has devised a plan takes advantage of the company’s data centers in New Jersey and in Chicago.
Some organizations are also working on getting better, more site-specific weather prediction in place so they have a better idea of what can happen in their own locations, Darrow writes.
At the same time, some things haven’t changed. While some organizations are looking at backup data centers in less hurricane-prone regions, such as Omaha, Nebraska, Darrow writes, an April survey found that two-thirds of data center managers would rather see the data center in the city where they worked — and even potential alternative locations tended to be vulnerable to natural disasters themselves. The most important reasons given for data center expansion, Digital Realty noted, were (in order of priority) the need for increased security, energy efficiency, new applications/services, and more space. It isn’t clear whether “Not Being Under Water,” “Not Being on Fire,” or other variations on “Not Being Destroyed” were choices.
Time-critical organizations such as stock exchanges and other financial companies are also concerned about latency, or the additional seconds involved in getting data from places like Nebraska rather than New York.
And Murphey notes that, despite his company’s experience, it still is unlikely to put its electrical equipment anyplace other than the basement. First, real estate on higher levels is more expensive. Second, there are structural issues associated with supporting the weight of the equipment, as well as practical issues with storing diesel fuel anywhere other than a basement.
If nothing else, maybe you’d better stock up on buckets.