Beyond cyber security: protecting your IT infrastructure: how can boards ensure effective governance of complex IT infrastructure assets? Follow the best practices presented here.

AuthorKirby, Lee
PositionDUTIES OF DIRECTORS

Recent IT governance discussions have focused on the issue of cyber security risk--as they should--but managing data center and physical infrastructure risks can be just as vital to the enterprise. If data center errors cause a downtime event and bring IT operations to a halt, business-critical activities are interrupted and the company's market reputation can be damaged. Unlike cyberattacks, IT infrastructure risk is entirely manageable and usually preventable from within the organization, as long as the right oversight criteria and practices are in place.

A company's data center assets can be a source of strategic advantage, or a drain on the enterprise, depending on how they are managed. The aim of IT infrastructure governance is to align data center resources, investment, and management with the business mission. However, this is easier said than done. The complexities of modern enterprise IT infrastructure--data centers, networks, storage, cloud computing, and business continuity/disaster recovery--can be challenging for boards to grapple with, demanding a level of technology expertise that many directors don't have.

Knowing the right questions to ask, having a context for the issues involved, consulting with industry experts, and understanding the strategic implications of a company's data center infrastructure choices lead to effective board decision making. This article discusses some of the factors that boards should be aware of, and how to optimize the strategic value of data center assets. There are seven key aspects to consider:

  1. Matching Infrastructure Capabilities to the Business Mission

    Any enterprise that relies on 24/7 availability of its IT systems and networks needs to ensure data center facilities and equipment are sufficient to protect against a downtime event. In the data center industry's classification system, a facility that is designed, built, and certified to "Tier III" standards can provide that level of availability and resilience, incorporating redundant systems, back-up power sources, and other failsafe measures. Tier III Certification requires "concurrent maintainability," which means that any piece of critical equipment can be taken offline for maintenance without having to shut down the facility. Redundant systems and the ability to isolate equipment enable live operations to continue uninterrupted.

  2. Know the Risks

    From a business standpoint, there are clear risks to the enterprise if a data center...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT