如何构建数据中心风险管理计划

如何构建数据中心风险管理计划

How toStructure Your Data Center Risk Management Plan

DevinPartida |2020.10.21,

当今，依赖数据中心的商务人士深知电力中断或其他故障会直接影响其客户和收益。因此，风险管理计划对于数据中心的平稳运行至关重要，不仅要满足现有客户需求，而且还可以拓展新的客户。下面是关于构建正式风险管理文档的6条建议，将有助于数据中心从业人员预测与预防最坏的情况。

Today’s business representatives who relyon data centers know that outages or other difficulties could directly affecttheir clients and profits. Therefore, a risk management plan is crucial forthese critical facilities to operate smoothly to not only satisfy existingcustomers, but to also gain new ones. These six tips for structuring a formalrisk management document will help data center professionals anticipate theworst-case scenarios and prevent them.

存在多种类型风险可以阻碍数据中心的运行。处理它们意味着要鉴别出风险的类型，然后再根据需求深入了解更多细节。一些领先的数据中心企业将这些风险划分为条理清晰的层级，比如第一层级可能是断电风险，第二层级可能是洪灾或火灾风险。

Various risks could hinder data centeroperations. Dealing with each one means identifying each type and getting into morespecifics as needed. Some leading data center brands structure these risks astiers to keep them organized. The first tier might address power loss risks,while the second one goes into handling floods or fires.

在确定了风险类型之后，数据中心从业人员可进一步细化，将每个主要类型拆分为子类。例如，有关安全风险的部分可以分为实体安全风险，以及人员使用移动设备远程进入数据中心的风险。

After settling on the risk types, datacenter professionals could break the content down further by selectingsubcategories for each main section. For example, a segment aboutsecurity-related threats could give information about physical security, aswell as people who might remotely log into data center tools on their mobiledevices.

在组织风险管理计划内容时，制定总体策略需要深谋远虑，也要使计划中的信息更易于查找和更新。

Sticking to a strategy when organizing thecontent requires forethought. However, doing it makes the information in theplan easier to find and update as needed.

一个旨在最小化风险、结构合理的风险管理计划，其内容特点在于强调每个人在降低风险中如何发挥至关重要的作用。每个人都遵循规程工作，就可以实现维持数据中心的正常运行的共同目标。

A well-structured plan to minimize risks ina data center features content that emphasizes how everyone has a vital role inthreat mitigation. Every person can help keep a data center operating withoutincidents, and the processes they follow collectively achieve that goal.

例如，一位入口保安可能会要求每位访客在到达时签到，并出示预约凭证。同样，在电力设备附近工作的数据中心员工必须接受培训并遵循安全规程，以此来降低风险。

For example, a facility’s front gatesecurity guard could require that each visitor sign in upon arrival and presentevidence of a previously arranged appointment. Similarly, data center employeeswho work around electrically powered equipment mustreceive training and follow safety procedures to reduce threats.

在风险管理计划中应明确相关人员的职责并设定期望值。该部分也可以帮助数据中心管理者识别哪些人员需要投入更多的教育或其他资源，使得这些人员做好充分的工作准备。

Including a part in the plan that describeshow people in certain roles contribute to risk management gives clarity andsets expectations. It also helps data center managers identify where to investin more education or other resources so that people feel well-prepared to carryout their duties.

当服务商提供数据中心审计时，他们与托管和云合作伙伴合作来评估基础设施。负责制定风险计划的任何人都应采用相同的方法来获得全面的结果。

When service providers offer data centeraudits, they work with colocation and cloud partners, plus assess on-premisesinfrastructure. Anyone tasked with creating a plan to deal with risks shoulduse the same approach for all-encompassing results.

一种做法是将风险管理计划划分为几部分。第一部分包括直接在公司控制范围内的风险，第二部分包括主要与第三方实体相关的风险，第三部分包括公司与其外部供应商共同克服的风险。

One option is to split the plan into several sections. The firstmight include the risks directly within a company’s control. Another could havethe threats primarily associated with third-party entities. A third segmentcould detail the issues that a company and its outside providers have a sharedresponsibility to conquer.

在与外部供应商磋商时，做出以上划分有助于提出正确的问题并确认需求。此外，数据中心管理者可更加明确外部供应商是否将其客户置于过度风险之中，何时将其客户置于过度风险之中。如果存在以上风险，那么就有必要通过严肃的磋商来解决问题，如问题仍然存在，将考虑切换到另一个数据中心。

Making those distinctions facilitatesasking the right questions and confirming needs during conversations withexternal providers. Additionally, data center managers can become more awareof, if and when, third-party providers may expose their customers to excessiverisks. In those cases, it’s necessary to have serious conversations aboutfixing the issues of concern and potentially switching to another data centerif problems persist.

降低风险并不仅仅意味着识别可能破坏数据中心运行的情况，也应知道灾难发生时该如何处理。

Cutting risk does not mean only identifyingthe situations that could disrupt a data center’s operations. It means knowingwhat to do after disasters strike.

IT部门的灾难通常分为两类——自然灾难和系统故障。但是，最近几个月由于COVID-19的爆发，一些数据中心将大流行病纳入其商业应急方案，这样就使得他们比其他企业有更好的防备措施。

Disaster recovery in the IT sectorgenerally falls into two categories — natural disasters and system failures.However, recent months introduced new challenges due to COVID-19.Some data centers included pandemics in business continuity plans, making thembetter prepared than other businesses.

除了解决备用电源和阻止火势蔓延等系统类的问题外，制定灾难恢复计划还应了解如何应对整个部门或团队都感染了新型冠状病毒的情况。此外，公司应探索员工远程办公时应采取的新型预防措施。

Besides addressing things like backup powerand systems that stop fires from spreading, planning for disasters also meansdetermining what to do if entire departments or teams become infected with thenovel coronavirus. Additionally, companies should explore new precautions totake when employees work remotely.

确保数据中心风险管理计划包含具体灾难事件发生时的每一步处理指令。要让员工熟悉这些指令，使他们能够迅速而果断地采取行动，这将有助于减弱灾难事件的影响。

Ensure that data center risk managementefforts include step-by-step instructions for dealing with specific risks whenthey arrive. Giving a facility’s employees access to a document that equipsthem to act quickly and decisively helps limit a catastrophic event’s impacts.

音乐场馆和排练室的设计师将声学需求视为其首要考虑因素。但是，数据中心设计和评估人员可能会忽略声音对数据中心运行的影响。

Designers of music venues and rehearsalstudios consider acoustic needs among their top-of-mind concerns. However,people who plan and assess data centers may overlook how acoustical threats couldinterfere with a facility’s operations.

棘手的事情是，一些用于降低风险的设备可能产生长期的声音干扰。例如，火灾警报系统可能会影响硬盘驱动器的功能，嘈杂的制冷设备可能产生相同的影响。

The tricky thing is that some productsinstalled to limit risk could introduce it in other ways if they causeprolonged acoustical disturbances. For example, loud alarms associated withfire suppression systems could affect sensitive hard disk drives’functionality. Noisy climate control equipment could have similar effects.

在编写降低风险计划时，数据中心管理者应说明当前应对声学威胁的措施及未来的更新措施。例如，房间里的柔性材料会使声音传播的可能性降低，从而限制了可能损害精密设备的振动。

When writing risk reduction plans, datacenter managers should describe any current measures that deal with acousticthreats, as well as future updates that could do even more. For example, softmaterials in rooms make sounds less likely to carry, thereby limiting the vibrationsthat could harm delicate equipment.

当今的数据中心设有监测环境并发出潜在危险警告的先进系统。数据中心风险管理计划应阐明这些系统如何工作，以及工作人员收到警告后该如何处理。

Today’s data centers have advanced systemsthat monitor the environment and issue prompt warnings about potentiallydangerous situations. A plan created for data center risk management shouldexplain how those systems work and what people should do after receivingnotifications of possible problems.

例如，工作人员通过哪些步骤来验证是真警报，还是假警报？收到警报后应该通知其他团队成员，还是立即展开调查？

For example, what steps do they go throughto verify whether there’s a genuine issue or a false alarm? Should a personnotify other team members after getting an alert, or immediately startinvestigating the matter?

参与制定风险计划的人员必须确保文档中包含相关各方的最新联系方式。如果工作人员很难找到上级的电话号码，就可能浪费宝贵的时间，也就意味着事故可能会恶化，并长时间不受控制地发展下去。

The people involved in structuring the riskplan must ensure that the document includes up-to-date contact details for therelevant parties. If a worker struggles to find their superior’s phone number,they could waste valuable time, meaning an incident may worsen and progressuncontrolled for too long.

不要拖延

Don’t Delay When Dealing with Data Center Risk Management

构建数据中心风险管理计划需要投入时间、精力和多方介入。但是这样做是很值得的，因为这些计划可以阻止事态升级，并有助于提升数据中心和运营团队的弹性。

Coming up with a detailed approach forhandling data center risks takes time, effort and input from multiple parties.However, it’s well worth doing because these plans can stop problems fromescalating and help make facilities and their team members more resilient.

- end -

翻译：陈六一

编辑：Amy

原文出处：upsite