Previous Table of Contents Next


Replacement Glass Alternatives

The IT auditor has three alternatives when considering replacements for standard tempered or plate glass windows: wire-reinforced glass, shatterproof glass, or Plexiglas.

Wire-Reinforced Glass. Wire-reinforced glass has been the least expensive alternative, providing for increased security. The glass can be broken, but it is very difficult to clear the glass away from the wire to be able to cut the wire. Without taking the time to get the wire cut, the only entry to the room can be made by objects smaller than the gaps in the wire, usually not more than an inch apart.

Plexiglas. Plexiglas, although more costly than wire-reinforced glass, offers a material that is much more difficult to break and is not susceptible to small objects because the material is uniform throughout. The drawback to Plexiglas is that in certain installations it can discolor or slightly distort the image seen through it, which may compromise the business objectives of improving the work environment for the staff or having the computer on display for clients and customers.

Shatterproof or Bulletproof Glass. Shatterproof, or bulletproof, glass combines the consistency of Plexiglas with the visual quality of regular glass. Its drawbacks are its high cost, along with its extra thickness and proportional weight. The exact thickness and weight cannot be determined until a decision is made about just how strong the glass must be. The decision has to be based on an analysis of the possible risks and effects in the situation.

DATA CENTER FLOOR

The mainframe computer was a machine that, particularly in its infancy, generated a tremendous amount of heat. System engineers typically responded to this problem by installing appropriate cooling, and then placing the computer on a raised floor. The raised floor, normally 6 to 16 inches above the actual floor, provided underfloor ventilation that exited the floor directly underneath the computers. This caused the chilled air to blow directly into the system, thus keeping the operating temperatures within a reasonable range.

As the raised floor became common, computer technicians recognized an opportunity to eliminate the mass of wires and cables needed to interconnect data center equipment, as well as terminals and other remote devices that had been left lying on the floor surrounding the equipment. The raised floors generally left enough room for cable runs, and the computer manufacturers responded by redesigning their hardware to have those cables exit at the base of each unit near the floor. The new design created a new risk because there were now electrical and other connections either at or very close to floor level such that any water accumulation could affect the connections. This situation was amplified when people started running electrical cable under the raised floor, including standard extension cables for ancillary or other indirect equipment. The IT auditor should look under the raised floor, particularly on a first-time review, to see what is under the floor and what risks are relevant to the circumstances.

ALARM SYSTEM

The IT auditor should consider the need for an alarm system for the data center or for, at least, the area where the computer is kept. The cost of a system may be difficult to justify if the computer does not warrant being kept in a separate location. However, the evaluation should not be overlooked. The alarm system can have two different purposes: one related to environmental issues and the other to unauthorized persons.

Any evaluation of an alarm system should cover the need for identification, notification, and response, although the sequence of response and notification can be varied based on the nature of the problem encountered. This section discusses environmental issues from identification through response, followed by issues related to unauthorized activity.

A wide range of items can be considered part of environmental issues. They may be as small as a bad filter on the heating, ventilation, and air conditioning (HVAC) system or as big as a tornado. The greater issues surrounding a total loss of the data center, or a total loss of availability, should trigger the business recovery plan, and are not discussed here. An environmental event can only be addressed after it is identified.

Identification and Detection

Two practical methods exist for identifying environmental events. First is physical observation by employees, which may be effective during working hours, but only so long as the affected area has someone present and the event takes place where it can be observed. The second method relies on detection equipment. This equipment has the advantage of always being on duty and of having a specific threshold for action.

The IT auditor should always remember that most detection equipment requires electricity to function, and may either be battery powered or wired directly into an electrical source. If any of the devices is battery powered, it should have a feature that indicates when the battery power begins to diminish, and there should be a procedure to require the regular periodic replacement of the batteries. The company’s interests are not served if the detector is in place, but the event went unrecognized because of a dead battery.

Fire Detection. The alarm system should have at least one method of fire detection, whether it is smoke or particle detection. In either case, it is not the heat that triggers the detector, but one of the two primary products of combustion: smoke or particulate matter floating up in the heat from the fire. Smoke or particle detection is considered more effective than heat detection because the smoke and particulate matter usually precede the full conflagration that would be sufficient to trigger a heat-based fire detection system.

Heat Detection. Although heat detection is not an effective means of identifying fire, it is important to have a heat detector as part of the alarm system. The heat detector works to protect the equipment, because most computer equipment has a normal operating range of temperatures that should not be exceeded. Malfunctions can result if the operating temperature is too high or too low, although equipment damage is more likely when the temperature is above the normal operating range.

The IT auditor should be familiar with the hardware being used because some manufacturers have begun to build thermal sensors into their equipment. If these sensors identify an out-of-range condition that meets any other criteria that may have been established, the equipment will automatically shut down. These automatic shutdowns usually minimize potential data loss to the company. If a temperature condition causes a computer to shut down in an unplanned or uncontrolled manner, data loss is much more likely. There may also be a delay in recovery operations, which will trigger the business resumption plan.

Heat is normally the focus of deletion systems as opposed to cold. Too much heat can be caused by fire, an air conditioning failure, or malfunctioning equipment; too much cold results only if central heating is lost in a location experiencing sub-zero conditions. In such a case, turning the computer off would probably be a result, because everyone would have stopped working.

Water Detection. Water is the most common problem experienced by a computer, although the causes are not the floods that the systems professional may be quick to ensure will not happen. A leaking roof, failure of pipes running over the data center, unexpected sprinkler discharge, or drainage failure causing water to back into the data center are more frequent causes of water destruction than floods.

Water detectors generally work on a simple principle. Two contacts are placed in very close proximity to the floor, preferably in a low spot. As the water begins to rise up to those contacts, they short out and cause the attached alarm to sound. Water detectors may be the most important device to wire directly into an electrical source because they are generally the most difficult to access. Difficult to access means difficult to check or change the batteries, and there is an increased chance of having a dead battery when an unexpected water accumulation takes place.


Previous Table of Contents Next