The environmental impact of IT is an issue under much scrutiny recently, but not much thought seems to have been given to the security consequences of "going green". Having thought it over, Quocirca has come up with an answer. There are two broad themes that affect the job of chief information security officers (CISOs) if businesses are serious about greening their use of IT.

The first is a positive one: on the whole, more IT infrastructure should end up housed in more resilient and secure data centres; the second is more negative—from the CISOs view point at least—businesses will have to accept, indeed embrace, even more open and flexible use of IT, often requiring access over the internet.

Greening IT requires three issues to be addressed: facilities, infrastructure, and usage.

Facilities
By facilities we mean the locations where IT is used—data centres, offices and in the field. The latter two are harder to control but a data centre has the potential to be managed very efficiently, where there is a will.

Twenty-first century data centre design is all about efficiency and, fortunately, that can also mean green. Efficient cooling, minimising energy requirements and reuse of heat have been covered in other articles by Quocirca. All save power costs and reduce CO2 emissions. A lower carbon footprint is good—but what about zero carbon?

To be clear, zero carbon is different from carbon neutral. It means deriving all energy requirements from sustainable power sources, not just offsetting those of dirty power derived from fossil fuels—coal, oil, and gas. Putting nuclear power to one side for now, this means hydro, wind, solar, tidal and geothermal power. Making use of such power sources is already a reality.

Google is building new data centres in remote locations near hydroelectric schemes. Yahoo! is talking about locations such as Switzerland and Iceland. UK co-location provider Centrinet has a carbon zero data centre in remote and windy Lincolnshire. These data centres are located close to power generation as it is more efficient to transmit data than electricity and there is less competition from other human activity. In the future, who knows, solar powered data centres in the Sahara?

This is all possible, but the remoteness of such zero carbon power generation locations makes them a long way from users. So while such locations are quite easy to make physically secure and will provide a resilient infrastructure for housing IT, the data they generate will have to be transmitted over long distances. For reasons we shall come to, this journey will often be over the internet.

Infrastructure

Great, so, long-term there is potential to make data centres zero carbon. There has also been much coverage of how to make the infrastructure it's housed within more efficient using consolidation, virtualisation and so on. But surely there is as much power used by IT infrastructure scattered around offices and carried by employees in the field. Not much can be done about that, surely? Well yes, quite a bit actually.

First, power management applications can help in offices, although in the field you have to rely pretty much on the common sense of employees (often problematic; agreed). But there is plenty of scope for consolidating infrastructure into the "carbon friendly" data centre.

Many workers only use IT in the office and can be served by thin-client computing or blade PCs run out of data centres, considerably reducing the use of power at the desktop. Branch office computing requirements can also be served out of data centres, reducing power usage and keeping network "heavy lifting" between "clients" and "servers" local to the data centre, rather than across wide area networks (WANs).

Good news for the CISO here—more infrastructure in a secure and controlled environment and less ad hoc access over WANs. For office workers and many branch workers, the network used will be a private one, so not too much extra concern about the remaining network traffic.

To some organisations, getting access to high quality data centre space may sound expensive. But it need not be. First, it is possible to procure such space from co-location providers like Centrinet, Telehouse Europe, or Netcetera, or just rent hardware provided by managed service providers who use co-location facilities like Rackspace or NTT Europe Online.

But an increasingly popular alternative is to turn to software as a service (SaaS) vendors, which provide subscription-based access to applications ranging from CRM (e.g. Salesforce.com, NetSuite, RightNow) to IT security (e.g. MessageLabs, Google/Postini, Qualys). All SaaS providers have to use robust well managed data centre facilities to underpin their business model.

Usage

The real security headache for CISOs is around usage outside of the office. This is not so much about what employees do with IT, but the fact that any business going green needs to open its IT infrastructure to a broad spectrum of external users.

Unlike other industries that are lambasted for their CO2 emissions, such as air travel and road transport, IT usage already has the potential to be low or zero carbon. So rather than being an environmental pariah, IT can be used to drive initiatives that green the business in other areas.

Collaborative applications like web and video conferencing are becoming more and more widely used and, while claims that these reduce the overall carbon footprint of a business need to be substantiated, their use is a direct alternative to travel. But such collaboration needs to be with suppliers, customers, and other business partners—not just between employees. This requires open access over the internet.

Business processes such as supply chain management and distribution are increasingly being opened up for direct access by businesses to external entities. This helps ensure the efficiency of the transportation and storage of goods. But again, this requires wide ranging access to IT over the internet by third parties.

Then there are employees working flexibly, field service engineers clocking in remotely using handheld devices, sales staff logging orders direct from customers' sites and call centre workers based in their own homes. All have the potential to make a business greener, especially if the applications themselves are run using low or carbon zero facilities and infrastructure.

So, the greening of IT means housing as much infrastructure as possible in secure data centres that will become increasingly remote and potentially zero carbon—this introduces more control, security and resilience but it also means providing wide ranging access to applications housed in such facilities, often over an inherently insecure network—the internet.

However, unlike many other activities that are hungry for power, well managed IT has the potential to give more back to the environmentally-aware business than it takes.