INDUSTRY TRENDS Data Centres - Possibilities for South East Asia - Counter Terrorism Certification Board
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
For the moment, data centres are a hot topic and an even hotter
property type. Crisis legislation for the pandemic moved a large amount of
people’s work and lives online, with some companies expected to maintain
aspects of work-from-home policies long-term. The global appetite for online
retail, banking, communication and peer-to-peer entertainment will further fuel
demand for data storage, digital infrastructure, and facilities. However: It is not
just the private market driving this transition, but governments seeking smart
city status and capabilities. With concern for efficiency and security against
extremism unabated, related technology for state use will add to national data
collection and storage loads in specialised premises.
Aside from sophisticated cyber security and power supply requirements,
there are numerous physical security features and systems that go into human
and asset protection for data centres. These can be challenging projects for a
consultant, as the structures and their technology have evolved so rapidly over
the past 5 years. At the same time, due to the recognised need and investment
potential around the world, structural engineering and research on cost-efficient
forms has been extremely innovative. The tiny differences these can make in PSF
construction & operational cost, operability, and environmental risks – which
include government behaviour – determine geographic fluctuations in demand.
Looking through the top 5 locations listed by Arcadis and Cushman, the
pressures of risk perception, price, and efficiency have yielded many sub-species
of data centre property. Government taxation, legislation, and incentives also
dramatically alter project location viability. Trends in choice of form by location
will basically be to maximise gains in business, physical, and cyber security, with
pressure from corporate and countries in environmental protection.
Furthermore, the low number of human occupiers and workers takes away
certain design pressures.
The data centre industry is therefore particularly guilty of taking
advantage of natural and man-made gaps to sidle into, cutting construction,
operation, and energy costs.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Subspecies 1A: Terrestrial / Standard Data Centre
The priority for these is that they are near to market, but typically take
advantage of industrial areas for cheaper land prices. Over the past two years,
these tend to be purpose-built by specialised vendors with a security consultant
engaged at design stage.
The lifecycle of these buildings seems short, with stock from ten years ago
categorised as pretty much obsolete although the core function is standard. This
is because the speed at which technology (and so many aspects of it) for this
service changes is very high, which makes developers more opportunistic and
open to ideas as well.
Short lifecycles will probably remain a key characteristic of the property type, so
one suggestion for future-proofing the private industry is to do fewer one-shot
fixed projects. Instead, a ‘circular economy’ of new and old modular data centre
units could be used to update ASAP with the newest model, while recycling and
redistributing the less efficient units. This applies for land and littoral placement,
but will depend on customer budgets, what requirements (e.g. flexibility,
hyperscale) eventually dominate, and infrastructure provision and negotiation.
There has also been change in demand, in terms of use, distribution, and
magnitude. Revolutions in user content generation as well as peer-to-peer
information and communication have changed the landscape for data storage,
while raising the speed at which price drives innovation.
The profile of the data centre has accordingly shifted. Lately, they are seen and
designed as prestige projects and premises, hoping to get a slice of corporate
outsourced storage needs. The beauty and secure impression of a project builds
the reputation of the data centre provider/ developer as well. This is nothing
new, reminiscent of patterns in office skyscraper design which occurred step-by-
step with innovations in construction technology and business over the 1900s,
and terror threats in the 1990s on. Even though a co-location facility’s lobby does
well to look good to prospective clients, the first impression that really matters is
still security. The importance of this perception has risen over the years, and
most ads and tours first and foremost mention or depict access control
measures.
Actually, if more employees and organisations adopt work-from-home practices,
the rent money for a large and lovely office may instead be redirected to data
centre and cybersecurity demands.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Subspecies 1B: The High-Rise Data Centre
It used to be quite normal for companies to have in-house data storage in their
own multi-storey premises. This has gone out of vogue, with businesses
preferring to outsource their data storage needs to a dedicated co-location
facility. The same land price pressures involved in industrial zone selection are
driving data centres vertical, which is especially true of central business locations
and land constrained tertiary economies. There are advantages to this species in
terms of cloud computing and rarity for interested users, as well as construction
cost savings if the facility is converted from original use, which is quite common.
In their quest to achieve a thriving yet environmentally sustainable data centre
industry, the Singapore government was reported to be experimenting with a
super high-rise form of data centre, at 20 storeys. This Keppel project is
predictably described in the brief as an ‘iconic building’. The height doubles what
is considered a standard high-rise data centre, like Sydney’s NEXTDC S1, S2, and
S3 projects. Not limiting itself to in-state markets and building forms, Digital Edge
out of Singapore purchased two high-rise centres in South Korea and plans to
expand their capacity as well as energy efficiency, as the North Asian market
experiences a boom. Subspecies 1B had seemed like it could facilitate a growth
industry for Hong Kong in 2013, but it has recently been losing projects to
Singapore and other competitors in the wake of political risks.
Another iconic building, declining in value as office space in one of the world’s
densest and hottest real estate markets, was retrofitted for use as a high-rise
data centre around 2013. This being the 32 storey Sabey’s Intergate Manhattan,
New York.
For our ageing but growing cities, there seems to be a lot of stock recycling
opportunity when it comes to data centres, as the concerns are more
mechanical, electrical, and digital. Pressure to conform to the tastes and
requirements of the living-thing occupant market is limited. The ability to add
value to non or less competitive structures via retrofit rather than rebuild hints
at an intriguing development trajectory for the urban spaces of the future. This
fascinating characteristic of data centres furthermore holds across multiple
terrains.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Subspecies 2: The Subterranean / Underground Data Centre
An attractive option for clients in the United States, due to risks from tornados
above ground and the availability of underground bunkers caverns from prior use
like mining. Cutting out time and construction costs by adapting pre-existing
(unutilised) space is great for businesses and governments. This form is very
appealing to space users for actual and perceived security, with an added ‘cool’
factor from Cold War vibes and spy movies. Secrecy and sanctuary in a possible
future of aerial drone surveillance or bomb-drops is another plus.
Another advantage from the nature of the structure are the reduced risks from
illicit entry. The perimeter concept is usually restricted to a single channel,
making access control and patrol simpler. A handful of guards and personnel can
handle a sizeable data centre, but due to perception of high security, there is an
attendant risk of complacency without proper training and values.
The South East Asian context is a little different, as far as feasibility and client
demand go. As covered in a Webinar conducted by Mr. Chandra Wirapaya (CCTP)
for the CTCB, due to soil characteristics in Asia, leakage may restrict market
potential for subterranean data centres. Fire was cited as the other threat, which
may override gains in security. While generally true for private organisations,
government projects tend to prefer subterranean facilities for their uniquely
secure profile.
Close to market can also mean close to seismic risk. In terms of client
perceptions, there have been concerns that underground may be less safe in
earthquake-prone areas, with subsequent advances in seismic/base isolation
technologies. Other arguments have also been put forth that depth of location is
a defence against shearing force during an earthquake, but the idea of quake-
triggered fire and damage deep underground is… deeply off-putting.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Subspecies 3A: Littoral / Floating Data Centre
Not the best option for areas experiencing high risks of piracy, but, floating
platforms build on existing technical know-how and materials in the
petrochemical and oil rig industry. Reportedly, they also require less energy to
operate and can take advantage of cooling seawater as well as modularity.
Another development they take advantage of is undersea cables. Much like
shipping for international trade in goods, undersea cables are the cheapest way
to transport data around the world. Their lifespan is around twenty years and
although vulnerable to cyber hacking, physical destruction doesn’t occur too
often, at least not yet, and not if deeper than 300 feet below the surface. These
cables render transnational data traffic and the best placement of centres near
shore, where there will be security available for the shallows, more feasible.
While this is technically and more economically feasible, there is a different set
of risks, for example in the event of maritime insecurity or unrestricted warfare.
China is reportedly losing desirability as a data centre location due to accusations
of geopolitical and privacy risks, also leading to an investment loss for Google
and Facebook in 2020 and 2021.
Subspecies 3B: Submerged Data Centre
Why submerge servers in coolant when you can submerge an entire data centre
in cold water?
Microsoft was an early leader in this technology, sounding ideas for ocean floor
capsules in 2014. This fits in with their strategic objectives of distributing
technology to a greater portion of the world population while reducing
emissions. The target demographic are the poor who often live along the coast
or rivers, reportedly subject to climate as well as a massive array of state and
non-state security risks.
The characteristics of the Microsoft capsule are that it is an edge-type and
capacity flexible product, needs limited human management, and if deep
enough, will not face all predicted security challenges. For the time being, though
this was tested in the Northern Isles which is not representative of maritime
security near the littoral poor, it does not seem likely that human threats will
commit to destroying or taking sea floor data centre capsules hostage.
Both maritime subspecies are capable of adopting a modular approach. Meaning:
Small and simple units can be added, rapidly boosting capacity to meet demand.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Subspecies 4: Integrated Data Centre
Scandinavia and Singapore will probably take the lead in this type, due to the
combined factors of intellectual capital and political will in enforcing energy
efficiency.
Though ranked highly due to market proximity, infrastructure, and lower
environmental and political risks, Singapore imposed a semi-official data centre
construction moratorium in 2020. This will semi-officially continue until
techniques for energy reduction satisfy government concerns, with a large
number of ongoing public-private partnerships and research projects. Relative to
the cold North, Singapore’s climate is seen as a disadvantage in conventional
data centre efficiency knowledge, with experiments on performance in the face
of heat and humidity ongoing.
One of the easiest ways to sweep away a project’s energy footprint is to shuffle
around the cooling and heat displacement needs, integrating inter-industry
operations.
For example: The subterranean project in Finland is cooled by the sea, under a
retrofitted church, while the heat generated is channelled to nearby
neighbourhoods for heating 500 homes. In Singapore’s case, integration is being
tested in the form of LNG and hydrogen infrastructure industries, to take
advantage of what would otherwise be negative externalities – and save money
for operations.
The pressure to cut cost, waste, and impact all along the data centre lifecycle and
service model is a key driver of innovation and experimentation amongst
stakeholders. Conducted trials with cooling, rack density, and efficiency continue
to find more ways to ‘fill the buckets’ (Data Center World, 2021) available in the
current landscape. Much of the pressure was as emergency reaction then
response to Covid19. This crisis-based learning will undoubtedly feed into new
opportunities for optimal adaptations, and it seems given that more integrated
uses and arrangements will be discovered.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Ask the Expert
The 2021 State of the Data Center report published in March by Data Center
World & AFCOM identified several new trends. These include density-focused
expansion, technology incorporation, manpower challenges, and security
models. The report is based on a survey of mixed profile industry professionals.
Given the importance of data centres to national defence and organisational
security going forward, we decided to interview one of our own professionals in
the field of security & blast engineering to obtain insights on the South East Asian
market, more specifically Singapore.
Case Study Questions
This April, there was a bit of a stir about Facebook’s decision to locate
their data centre in Singapore instead of Malaysia. Someone commented that
superior infrastructure was the reason, with a snappy reply that Malaysia has
many data centres which are perfectly happy with the quality of service, and a
recommendation to ‘check facts’. The significance of these projects to national
and economic status seems to be rising.
Singapore, along with other companies and countries, is experimenting with data
centre potential in REITs, and as subterranean, high-rise, and littoral (floating and
submerged) structures. What do you foresee for the South East Asian market over
the next 5-10 years?
Many consulting houses have good data and predictions on this, but
if you want a personal opinion, these are the three main trends:
1) They will be trying to reduce the footprint. You mention the
examples of high-rise, offshore, in Asia for the DC markets that also
experience high property prices and pressures for competing land
use. Trying to shrink their site coverage will be likely, which in some
cases is already a government policy intent.
2) While the physical nature of data centres will remain the same,
energy and cooling needs can and will be optimised via engineering.
Where there is perceived profit potential, there is going to be
innovation and it will be in these two aspects of cost and operations.
3) Continued efforts and sourcing for other means of energising DCs.
These are some of the greediest structures around, with huge carbon
footprints. Even if energy prices drop, more private companies and
public bodies than ever have environmental and sustainability goals
high on the agenda, which will drive interest in alternatives and
integrated uses.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
If data centres become the skyscrapers of the 21st Century, do you think they
may also become the default tactical and symbolic targets for terrorist &
extremist attacks? Could you give us your thoughts on how and why?
Yes, as the world revolves around data these days: The loss, corruption,
manipulation, or modification of data has serious implications on a wide
scale.
Going back to the trends question, underwater and underground, at
least for now, are a lot more secure but if the intent to attack really
starts to focus on data centres, that’s not going to last for long. Threats
and capabilities change, the TVRA must be constantly rewritten, for your
cyber or your physical assets. What someone will be attacking, if they
want to hit a data centre, is really the knowledge, flow, and functioning
of your society.
For them, to try to destroy the knowledge of our civilisations would be
tactically and strategically valid.
Thank you for that observation… in a way it hints at another revolution in military
affairs, the next step beyond industry, bureaucracy & logistics as war (WWI,
WWII), with cities and civilians as targets. Now perhaps it would be shifting
towards our data-driven perceptions (information warfare) and our analytical,
organisational, communication & coordination capabilities, facilitated by big
data.
A union of cartels in Mexico have begun to use drone-borne IEDs to target police.
Claims are that this was a tactical response to use of roadblocks as defence
against vehicle-based attacks. What implications might this have for data centre
and perimeter layer design, or what would be your suggestions against 3D
threats?
Aerial attacks by drones have been successfully perpetrated. Drones that
carry high payloads are already available, in fact, they brag about these
abilities all the time, 5kg, 10kg, 50kg, 100kg. Top speeds, adaptable.
Maybe you remember, it was a bit funny at first, somewhat charming, a
drone landed in front of Angela Merkel when she was giving a speech.
Pirate Party did it for attention, it crashed and was carried away like a naughty
robot.
Yes, it seemed cute at first, but then after it happened, the real and
sinister implications started to sink in. What if it was a heavier, faster
model? You don’t even need explosives, you can use a spike. Or aINDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
poisoned spike, we’ve had assassinations over the years, involving ricin
from an umbrella, Novichok in underwear, who knows what else will
come up. But these possibilities are real.
The problem with that is that in civilian/urban settings, countermeasures
are usually of a ‘soft kill’ nature.
Hard kill countermeasures are available but not implemented as the
policy, legislation, and questions on the ‘rules of engagement’ remain
unanswered. Let’s use Singapore as an example, a 100% urbanised,
dense built-up city-state, where you simply can’t sanction civilian
neutralisation of suspected drone-threats. The ‘hard kill’ means fallout,
debris, a crash, and when you don’t know what it was going to do or
what it was carrying, or who might be injured or killed if it falls, it’s a
nightmarish scenario for everyone.
Therefore, the person that observes this threat only has the option of
calling the police, but again, soft kill measures.
In any case, you really can’t do much against a weaponised drone,
especially if you happen to be an unhardened data centre or other soft
target. Maybe you might be dealing with a less technically capable
perpetrator. Let’s say you decide this is a highly credible threat, and go
so far as to train your guys to disrupt a UAV with the right equipment
investment, send it back to base or order it to land. However, this is
simply not a possibility if the software has been disabled and it’s on a
ballistic trajectory. Dead reckoning, the wings are locked and it goes right
in for the kill. Nothing much you can do to modify aerial terrain and
disrupt the blast path.
Hence the efforts to regulate and register drone purchase and use at the state
level… but then given that, then what about a successful attack’s fallout and
impact on the industry?
After 9/11, a study found that the three most distinctive landmark buildings in
Chicago experienced a pronounced rise in office vacancy rates. How do you think
a high-profile cyber or physical attack on a data centre would affect market
perceptions and demand in the industry, including for physical security
consultancies?
One must assume that the attacker/perpetrator has done his
‘homework’ and planned the attack – cyber or physical – well. In my
opinion, this is independent of whether the data centre is a high-profile
target or otherwise. What varies is the specifics of the facility/locationINDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
versus the sophistication of the attacks, and 9/11 is so exceptional as an
attack, it’s best to leave it out of most, if not all, analyses.
Now when it comes to infrastructure, the less sexy parts of our built
environment, there’s a big problem called ‘complacency’. This is worse
when the government’s counter-terrorism capabilities are high.
And I assume also because over the past few decades, most publicised attacks are
focused on symbolic, iconic, or public spaces to kill as many people as possible. At
the moment, DC’s are not the shining star of terror targeting.
Not wrong, but that’s not, or I doubt that that is the main determinant of
attitudes. As far as I can tell, if there is this big and terrible attack on a
data centre, perhaps in Malaysia, perhaps even in Singapore something
happens. It will cause worry, but the market tends towards believing ‘it
can’t happen here, the government will take care of it’. So, they
essentially rely on this dictum and do the minimum possible, a
consultant really has to spend a lot of time convincing. Ultimately, they
will probably note a like attack or such risk, but make few investments.
I don’t think that’s totally unique to Singapore, lots of people have the attitude ‘it
would never happen to me’, and sometimes statistics support that calculation.
But the point is: It could, no matter how boring you might look or be, someone
could see target appeal, punishable offence, or opportunity.
In the 2020 Christmas bombing of an AT& T, problems cited by experts included
redundancy design and façade strength. Going forward, possibly into an age of
many deliberate infrastructure attacks, what would you recommend as physical
security priorities? Particularly with regard to impact mitigation in high density
urban areas.
The means to protect facades and structural elements are well known
and continue to improve due to developments in design, materials,
engineering/construction methods. What the physical security/blast
engineers need-to-know and require are clear and well-thought-out
protection and post-attack requirements.
If an explosive attack occurs in a high-density urban area, and
containment of the explosion has not been catered for, then there will
be varying degrees of collateral damage. Recall the series of explosions in
Tianjin in 2015 and more recently at the port storage area in Beirut.
These were enormous accidental explosions.
Food for thought: What does your neighbour do, and who might hate them for it?INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Lastly for this section, a summit was recently held that analysed recruiting
challenges for the data centre industry in the United States. I was wondering how
you would describe the market here, as the challenges they mentioned were A)
Trouble hiring people younger than 45 B) Few hires of people with less than 10
years of experience. Your thoughts?
First of all, it’s an entirely different DC ecosystem over there, just one
reason being the sheer amount of space available… But if you want to
focus on recruiting and hiring, what you described is not seen in much of
the Asian market. If you have some relevant experience, or a related
degree, even some background or experience in IT, you are snapped up.
It’s a very very hot market, and there’s no constraints in terms of age,
thresholds for background or experience. We also don’t have the
headhunter process so much over here, which has some of those issues
mentioned.
DC providers, Google, Amazon as the hyperscalers etc., also tend to like
being located where there is good technical manpower, and the
digitalisation as well as expansion of Smart Nation programmes in many
countries over here has raised this supply. And it’s good that we start
young, the jobs market is varied, and data gathering, analysis, and
application is really quite pervasive.
BUT: There is still a rapid half-life. Whoever is involved has to keep up,
whether through embedding or contact with a partner, through
certifications and ongoing learning. And it isn’t just the technology, even
the lingo evolves so fast you really have to be in the loop regularly to get
anywhere close to being in the know, enough to operate dynamically in
the environment.
General Questions
As a consultant for government projects, do you have more flexibility and
opportunities to experiment with new techniques and technologies?
In Singapore, for Government projects, the requirements are always
prescribed in the Tender.
In hiring a physical security consultant for a project, what do you think clients
value the most? And for their data centres, what aspects do they value / request
the most?
Experience and cost-effectiveness.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
Let’s say you lack that specific experience, would getting it from elsewhere in the
region be a reasonable career plan?
Not necessarily? There would be differing employment conditions,
maybe the job requirements would be less stringent. Hard to say, but a
word of caution. It could be harder to advance one’s career elsewhere
because you’re not on the same treadmill, you know what I mean?
When the pressure isn’t there, you could fall behind and become
irrelevant for more sophisticated markets. This isn’t as true for
mechanical problems but for digital? The more intense the context, the
better for personal, sustainable advancement.
There have been such rapid technological and market changes in the past
decade. What would you advise for equipment lifespan/the technology selection
process?
For electronics, there is little choice but to keep up with the changes.
Blast solutions remain valid for a long time.
What are some material trends that have had an impact on physical security over
the past 5 years?
Lighter, stronger, and ‘smarter’ materials that allow normal architectural
and structural dimensions to be retained. However, these come at a
higher price compared to traditional building materials such as steel and
reinforced concrete.
For electronics: Longer stand-off detections of concealed items.
Has demand & government requirements for green technology complicated
matters for you, as a consultant?
Protection against explosive attacks is the last line of defence. ‘Green
technology’ construction elements are more difficult to protect.
Is there a tendency for security personnel to get complacent in high-security,
high-technology facilities? How is this addressed?
Selection screening, proper training, motivation and a scheme of checks
and counterchecks are critical to success.INDUSTRY TRENDS
Data Centres – Possibilities for South East Asia
There’s been several recent reports on facial recognition technology and growth
in demand. Some products offered include emotion reading and detection. How
would you evaluate then suggest such technological innovations to clients?
Assuming a client wants to use this technology, and that privacy issues
are secondary, facial recognition is sophisticated nowadays and is
improved continuously. Intent and emotion detection is more difficult
and still not widely accepted.
Thank you kindly to our anonymous professional for participating in this
interview, our CTCB representative very much enjoyed the conversation.
:
Keppel takes data centers to sea in land-scarce Singapore
Land restrictions force Singapore's data centers underground & up high
In Land-Constrained Singapore, Keppel Eyes Floating Data Centers
Singapore hits pause on building new data centres; short-term rents up
Monetary Authority of Singapore’s (MAS) Technology Risk Management (TRM)
Guidelines
The making of Iron Mountain Singapore
US, Singapore, and Japan top the list of best data center locations [ 2021, March ]
Singapore's CapitaLand, SP Group, Sembcorp to study use of integrated energy
for data centers
China’s 7,500-Mile Undersea Cable to Europe Fuels Internet FeudYou can also read
