Extracting information: from May you will be able to demand a copy of all the information a company holds about you, free of charge
Extracting information: from May you will be able to demand a copy of all the information a company holds about you, free of charge

Secret servers: Where is our digital data stored?

We send countless emails and spend thousands of pounds online – but where is our digital data stored? Rhodri Marsden visits a bomb-proof vault to find out

Wednesday 06 August 2008 00:00

I've just been processed through an airlock, I've posed for a mugshot, submitted my passport and been assigned a five-digit visitor number. Now my guide is drawing my attention to a mantrap, a small moat ("it doesn't contain crocodiles, but it does slow people down") and infrared sensors which activate a bank of CCTV cameras. It's certainly not a place to wander about aimlessly with a confused look on your face – but this isn't a governmental intelligence agency building, a sensitive international border crossing or even backstage at a Madonna gig; these security measures are in place to guard several thousand computers. Computers that might well be holding data that you've sent across the internet.

Anyone who uses a PC regularly has words such as "safety" and "security" drilled into them relentlessly. We're sternly warned not to choose the word "password" as a password; we're slowly learning to avoid clicking on dubious links in emails, to keep our firewall and anti-virus software up to date, and not to allow our neighbours to have unfettered access to our wireless routers – all in the name of guarding personal information. But every time we press a "send" button – be it to submit a credit card number, to upload a photograph to a website, to fill out personal details in an online form, to shoot a private email halfway across the world or, increasingly, to use an online back-up service to copy over the contents of our hard drive – we rarely look beyond the neat, virtual representation of cyberspace on our screen and consider for a moment where we're actually sending the information.

Could it be on a PC wired up to a broadband connection in a suburban semi-detached house in Surbiton? It's possible. A server in a darkened corner of a data centre in Michigan? Much more likely – but without considerable sleuthing, we would never get to know. Nevertheless, we take it for granted that unauthorised people won't have access to that machine, and that when we want to restore our files, visit our own websites or recall our credit card details, that they'll be there, waiting for us to access them. So who are we relying on to look after our data properly?

Sean McAvan is one such person. As managing director of NaviSite Europe, he's responsible for storing data for a wide range of customers – from internet start-ups running cutting-edge web applications, to mid-size corporates backing up their data, to e-commerce sites processing thousands of our credit card transactions each day. NaviSite is just one of around 40 such companies within this one facility in the heart of London's Docklands – a building that used to house the Financial Times's printing presses – and whether you're a geek or not, it's an awesome spectacle. "If you consider the amount of electromechanical engineering in here," says McAvan, "and the number of machines, the amount of software they hold, and then extrapolate that across thousands of facilities like this one, it makes your head spin."

As I tour the building, escorted at certain points by eagle-eyed security staff, McAvan points out the various security features. "If you look up, you'll see 360-degree cameras," he says. "If you try to open that door over there, it'll start filming you. Our security passes will only work on specified doors, and accessing certain parts of the building requires risk assessments and method statements to be drawn up." And there's all manner of stuff not visible from the corridors: the building receives electricity from two different points on the National Grid, and thousands of litres of diesel are stored to power generators for three days in the event of an emergency.

Having spent an hour or so looking around, there's no doubt that I'd be happy for NaviSite to store my credit card details. But during day-to-day internet use we're unable to control where our information is processed; we're at the mercy of the services we use and the servers they have chosen, so our information is inevitably strewn across a huge number of data centres around the world that have varying levels of security. But one new back-up service, humyo.com, is one of the first to emphasise the safeguards that surround your files.

The server is housed in Manchester in what they refer to as "the climate-controlled peace and seclusion of a bullion vault, including solid granite, blast-proof steel gates and a vault door out of Goldfinger. There's over 16 feet of Bank of England-certified physical security shielding your files." So if the balloon went up, you'd still be able to access your holiday snaps. Humyo.com's Dan Conlon chose to base the service in what is known as "The Vault" to assure customers that they're taking all the appropriate precautions. "It's difficult to communicate, say, the reliability of a server. But a bullion vault is something that everyone understands," he says. "It's almost a metaphor for all our security efforts."

As any hardware expert will tell you, physical security of the kind offered by humyo.com and NaviSite is just one of three crucial measures to keep data safe. Protecting against the fallibility of computers is one – because hard disks fail, and they fail regularly; according to Conlon, 6.3 per cent of consumer hard disks break down within the first year of use. The other is maintaining connectivity to the internet and to ensure that online attacks are thwarted as soon as they occur. Monitoring systems that respond to unusual activity are crucial; Sean McAvan outlines a four-level alert system implemented at NaviSite, where "Level One will be addressed within 24 hours, and Level Four will mean phoning executives in the middle of the night and getting them out of bed."

As broadband use expands, and the services such as online video, audio, games and back-up continue to develop apace, more and more buildings will be needed to house the data we're all creating. So it's perhaps no surprise that, even in these cash-strapped times, the sector is expanding fast, with over $2.9bn due to be spent on UK data centres this year. But as Sean McAvan says, the facilities are only as good as the people who are employed to run them. "And in turn," he adds, "they're only as good as the processes that have been put in place for them to work to." As humble end-users, we can do nothing more than cross our fingers and hope that these businesses continue to protect our personal information to the best of their ability.

Strange but true: computer systems

Not all internet servers are encased in bombproof granite; some run on unusual machines in unusual locations, and perform distinctly unusual functions. Sony's online multi-player game, Warhawk, runs from an enormous cluster of Playstation 3 consoles – but what are the oddest web servers ever built?

The Potato-Powered Server

Back in 2000, Fredric White created a web server powered by five potatoes. It managed to cope with 0.2 hits per second, taking roughly five seconds to process a single server request. White eventually abandoned the project, citing "being sick of rotten potatoes" as the main reason.

The Tiniest Server

This minuscule device laid claim to being the smallest ever web server in 1999, and briefly served two tiny web pages. It was made from a Fairchild ACE1101MT8 microcontroller and was smaller than the head of a matchstick.

The Xbox

A university in the US, keen to keep costs down, used an Xbox games console as a server for philosophy students to work on their own websites. Five weeks into one semester, the students suddenly found that their projects had disappeared; the problem was tracked down to a sheepish manager who, not realising what the Xbox was for, had taken it home to keep his son amused.

The Pocket PC

The website slashdot.org ran a story in 2002 about a chap who had managed to get a web server running on his personal organiser. The "Slashdot effect" ensured that his organiser was quickly overwhelmed, and didn't stay a server for very long.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in