So you've found a great data centre run by a provider who seems to tick all the boxes. But before signing on the dotted line and taking space, there are several property and legal traps which need to be examined first.
Not only do IT executives need to consider physical security and environmental credentials but even legislation such as the Privacy Act 1988 and the Patriot Act can come into play, say legal experts.
Truman Hoyle partner, Nick Finlayson, says IT executives should investigate the physical security of the facility while negotiating a data centre lease. This is because they may not want competitors in the same building or other neighbours – such as political or defence organisations – who might introduce levels of risk for the data centre operation.
"It's important to specify building security in the property lease to ensure access to the physical space housing the data centre is tightly controlled and the facility does not jeopardise its Tier equivalent classification," Finlayson says.
In depth: How to manage data centre complexity
Keeping the lights on
Middletons partner, Cameron Abbott, says clients expect third-party data centres to provide more robustness and power and energy use than they can provide themselves.
However, this does not always prove to be the case.
"When power fails, you have two fall backs," he says. "Uninterruptable power supplies have short-term power storage but that tends to protect you from shorter term disruptions. Then you've got to rely on back-up generators to spring into action if it [the UPS] is going to go longer than that."
He pointed out that in June 2012, Amazon Web Services lost data centre power which affected businesses that use the company's hosting services. "Technically the vendor only lost power for 30 minutes but what happened is that it interrupted the servers or they started to turn the servers off realising that they had limited battery life in their UPS," he says.
"The UPS power is only finite and as it starts running out you have to turn off servers because it's better to have them power down than crash." Truman Hoyle's Finlayson says access to power – including back-up supply and availability of power upgrades – was an important consideration.
"Power upgrades beyond the initial maximum threshold in the lease are generally the responsibility of tenants, who also need to consider where the property is located as upgrades in densely packed business districts might not be possible," he says.
Gilbert+Tobin partner, Bernadette Jew, says that a big focus of her firm's property contracts are on data centre power usage efficiency (PUE) measures. For example, its contracts focus on the PUE measure and IT load of the facility.
"We're conscious that levels of power efficiency need to improve over time so we don't just agree on one [PUE] measure and lock it in for 15 to 20 years," Jew says.
"You have a mechanism to improve it on a year-by-year basis so improvement in the PUE measure is part of your annual planning and technology roadmap."
She adds that IT executives need to benchmark energy efficiency with similar sized data centres. For example, if different facilities are achieving a better PUE, then the tenant's data centre provider needs to take whatever steps are required to improve the PUE level.
Green IT
Truman Hoyle's Finlayson says that environmental performance of data centres is becoming an important consideration for tenants due to rising costs of electricity and corporate social responsibility.
In addition, the recent passing of the carbon tax also needs examining as Finlayson warns that some landlords may try to use the tax in their favour to pass on carbon costs to the data centre tenant.
"For example, the landlord's obligations on a contract I looked at recently were far reaching and I'm not sure they were a reflection of where the carbon tax really is," Finlayson says.
"It was basically `we're going to catch everything to do with Carbon and you're going to reimburse us'."
Other environmental legislation which executives need to be aware of is energy disclosure under the Building Energy Efficiency Disclosure Act 2010.
According to Finlayson, this Act is about reporting and giving information to a tenant as a consumer. "It's all in relation to the star rating on a property for energy usage. As a tenant, you're obliged to give the landlord information every now and then so they can provide that information to any prospective tenant or purchasers of the building," he says.
Finlayson added that the Act generally applies to properties over 2,000 square metres. "There is still an obligation on the tenant to provide this information even if you're in a small space because that's how the landlord works it all out. In so far as what you see as a prospective tenant, so you can assess the energy rating for yourself," he says.
Middletons' Abbott adds that based on anecdotal evidence from clients, the growth in data centres is happening because a lot of organisations want to be able to boast that their main office is six star environmentally rated.
"That [rating] very hard to achieve if you have the data centre in your own office," he says.
Legislation
Finally, IT executives need to examine legislation which covers data including the Patriot Act which can apply to US-owned data centres located in Australia such as the new Rackspace facility.
According to Macquarie Telecom's general counsel, Heather Tropman, Rackspace may not be able to ignore Patriot Act requests for data in its Sydney facility.
"The Patriot Act is widely recognised as having extra-territorial reach outside of just the US," she says. Whether Rackspace has "set up a subsidiary company [in Australia] or not, they're either a US company or they're a US-owned company."
Tropman says that her understanding of the Patriot Act process is that the FBI can issue a national security letter to Rackspace in the US, and then Rackspace would request the information from its Australian subsidiary.
Middletons' Abbott says that if the data centre vendor is an Australian subsidiary and owned by a US company, then there is a conflict of laws that is "potentially going to occur."
"For example, the US authorities may take the view that as it is a wholly owned subsidiary in Australia it is controlled by the US parent and therefore the US parent should respond to the order to deliver up by exercising its control on the subsidiary," he says.
"The contrary argument is that the US company could say `we'd like to and sure, it is a subsidiary of ours but we cannot require our subsidiary to break the laws of its jurisdiction such as the Privacy Act and therefore we are unable to exercise that degree of control."
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.