The current global pandemic of Covid-19 has brought us a few gifts: global desolation, earaches from the rigid rubber bands of the FFP2 masks, applause for Health at eight in the afternoon on the balconies, fear of infected ones and staff shortage in the data center industry and shortage of IT professionals. In this article we will delve into this last topic.

*We will already devote a double-page report to the saw rubbers of the FFP2

Lack of staff in the data center industry

It is like that how our beloved pandemic has turned the world upside down, at so many levels that even the data center sector has noticed it. Data centers have received an unexpected amount of work due to the reinterpretation of the labor system and telecommuting. In fact, the size of the global data center industry has grown dramatically. This is a direct consequence of higher exposure and need for the Internet, which has come hand in hand with the confinement imposed by governments around the world to fight against infections. That way, it is estimated that the size of the world data center market will reach in the near future (2021-2026), nothing more and nothing less, than 251,000 million dollars.

Source: Uptime Institute Intelligence

And what is the growth of the global data center market leading to? Well, to a proportionally direct and parallel need of professionals in the sector. Estimates from the Uptime Institute, the long-standing champion of digital infrastructure performance, suggest that the number of staff required to manage data centers across the globe will rise from about two million today to nearly 2.3 million in three years.

This turns into countless new technical jobs for the data center industry. Of all types and sizes. With different requirements. From design to operation. And around the world.

You still don’t want to go send resumes?

Why the shortage of IT professionals and other personnel in the data center sector?

Well, just as remote regions are fighting for the repopulation of their villages, this sector is already dealing with the lack of personnel. It is not an easy subject. According to the Uptime Institute, it is very difficult to find suitable candidates for vacant positions at the moment, so if you want to look for a job in your domain, you must be prepared. Although, as it is often the case, in most positions, work experience, internships or work-study training may make up for a certain lack of skill and experience.

With much of the tech industry currently struggling to find qualified staff, data centers are finding it a bit more difficult to locate and hire professionals in high-demand roles. Like power systems technicians and analysts, facilities control specialists, or robotics technologists, or as I call them “Robotechnologists.”

If you’re serious about it and want to be one of the data centers, success in your quest requires a combination of special skills. Yes, exactly, like when you want to be a ninja or a neo noir detective. First, extensive infrastructure knowledge is required. If you have boards with mechanical or electrical equipment, the better. Programming, platform management, specific technological tools… Basic technological knowledge is also very important. In addition, as in the ninja world or in neo-noir crimes, data centers need specialists with practical determination and ample capacity to solve problems, critical thinking, a drive for business objectives, and, not least to know how to behave, both in teamwork and customer service. For all this string of skills and qualities it is making it difficult for them, in the data center industry, to find personnel. But, well, what can we do? There have also been few Fujibayashi Nagato (ninja) and Sam Spade (detective).

As a result, many data centers today are understaffed. They are overloaded, with more job vacancies than people ready to apply for them. And this without taking into account the high demand, outside the data center sector, for professionals with knowledge of computer science and software. The reality is like this, everyone needs a tech expert among their ranks, and sometimes you have to fight for them.

Source: Uptime Institute Intelligence

Debido al cataclismo mundial del Covid-19 y la recesión que ha traído, el estilo de trabajo ha cambiado, trayéndonos de súbito el teletrabajo y las operaciones remotas. Esto ha supuesto que los servicios de los centros de datos incrementen su rendimiento para que las empresas de todo el planeta pudieran operar. Los centros de datos están en un punto crítico. Tienen más trabajo pero menos personal especializado para realizarlo. Además, en estos tiempos, resulta bastante difícil encontrar a una plantilla a la altura. Quizá con la adopción de La Nube y nuevos avances en la tecnología digital se pueda cimentar un sistema,  post-Covid-19, que lleve a las empresas hacia un futuro próspero.

Some conclusions

Due to the global cataclysm of Covid-19 and the recession it has brought, work style has changed, suddenly bringing us telecommuting and remote operations. This has meant that data center services increase their performance so that companies around the world could operate. Data centers are at a critical point. They have more work but less specialized personnel to do it. In addition, these days, it is quite difficult to find a team to match. Perhaps with the adoption of the Cloud and new advances in digital technology, a system, post-Covid-19, can be established that will lead companies towards a prosperous future.

Software developers and manufacturers around the world are under attack by cybercriminals. It is not like we are in a time of the year in which they spread more and they barricade themselves in front of the offices, with their evil laptops seeking to blow everything up, no. They are actually always there, trying to violate information security, and in this article we are going to give you a little advice on the subject.

No one is safe from all threats

Whether it is a middling attack or sophisticated and destructive (as it happened to our competitors Solarwinds and Kaseya) evil never rests. The whole industry faces an increasingly infuriating threat landscape. Almost every day we wake up with some news of an unforeseen cyber attack that brings with it the consequent wave of urgent and necessary updates so that our system is safe… Nobody is spared, real giants have fallen over. The complexity of the current software ecosystem means that a vulnerability in a small library affects hundreds of applications. It happened in the past (openssh, openssl, zlib, glibc…) and it will continue to happen.

As we pointed out, these attacks can be very sophisticated or they can be the result of a combination of third-party weaknesses that make the client vulnerable, not because of the software, but because of some of the components in its environment. That’s why IT professionals should demand that their software vendors take security seriously, both from an engineering standpoint and from vulnerability management.

We repeat: No one is safe from all threats. The software vendor that took others out of business yesterday may very likely be tomorrow’s new victim. Yes, the other day it was Kaseya, tomorrow it could be us. No matter what we do, there is no 100% security, no one can guarantee it. The question is not to prevent something bad from happening, the question is how to manage that situation and get out of it.

Pandora FMS and ISM ISO 27001

Any software vendor can be attacked and each vendor must take the necessary additional measures to protect itself and its users. Pandora FMS encourages our current and future clients to ask their suppliers for more consideration in this matter. We include ourselves.

Pandora FMS has always taken security very seriously, so much so that for years we have had a public policy of “Vulnerability disclosure policy” and Artica PFMS as a company, is certified with the ISO 27001. We periodically employ code audit tools and maintain some modified versions of common libraries locally.

In 2021, in face of the security demand, we decided to go one step further, and make ourselves CNA of CVE, to give a much more direct response to software vulnerabilities reported by independent auditors.

Decalogue of PFMS for better information security

When a client asks us whether Pandora FMS is safe, sometimes we remind them of all this information, but it is not enough. Therefore, today we want to go further and prepare a decalogue of revealing questions on the subject. Because some software developers take security a little more seriously than others. Relax, these questions and their corresponding answers are valid for both Microsoft and Frank’s Software or whatever thing you may have. Since security does not distinguish between big, small, shy or marketing experts.

Is there a specific space for security within your software life cycle?

At Pandora FMS, we have an AGILE philosophy with sprints (releases) every four weeks, and we have a specific category for security tickets. These have a different priority, a different validation cycle (QA) and of course, a totally different management, since they involve external actors in some cases (through CVE).

Is your CICD and code versioning system located in a safe environment and do you have specific security measures to ensure it?

We use Gitlab internally, on a server in our physical offices in Madrid. People with name and surname, and unique username and password have access to it. No matter what country they are in, their access through VPN is individually controlled and this server cannot be accessed any other way. Our office is protected by a biometric access system and the server room with a key that only two people have.

Does the developer have an ISMS? (Security Incident Management System)

Artica PFMS, the company behind Pandora FMS, is certified with ISO 27001 almost from its beginnings. Our first certification was in 2009. ISO 27001 certifies that there is an ISMS as such in the organization.

Does the developer have a contingency plan?

We not only have one, we have had to use it several times. With COVID, we went from 40 people working in an office in Gran Via (Madrid) to each and everyone of them working at home. We had power outages (for weeks), server fires and many other incidents that put us to the test.

Does the developer company have a security incident communication plan that includes its customers?

It has not happened many times, but we have had to release an urgent security patch, and we have notified our clients in a timely manner.

Is there an atomic and nominal traceability on code changes?

The good thing about code repositories, like GIT, is that these kinds of issues have been solved for a long time. It is impossible to develop software professionally today if tools like GIT are not fully integrated into the organization, and not only into the development team, but also into the QA, support, engineering… teams.

Do you have a reliable update distribution system with digital certifications?

Our update system (Update Manager) distributes packages with digital certificates. It is a private system, duly secured and with its own technology. 

Do you have an open public vulnerability disclosure policy?

In our case, it is published on our website.

Do you have an Open Source policy that allows the customer to see and audit the application code if necessary?

Our code is open, anyone can review it at https://github.com/pandorafms/pandorafms. In addition, some of our customers ask us to audit the source code of the Enterprise version and we are delighted to be able to do so.

Do the components/third-party purchases meet the same standards as the rest of the parts of the application?

Yes they do, and when they do not comply, we maintain them ourselves.

BONUS TRACK:

Does the company have any ISO Quality certification?

ISO 27001 

Does the company have any specific safety certification?

National Security Scheme, basic level.

Conclusion

Pandora FMS is ready for EVERYTHING! Just kidding, as we have said, everyone in this sector is vulnerable, and of course the questions in this decalogue are elaborated with certain cunning, after all, we had solid and truthful answers prepared in advance for them, however, the real question is: Do all software vendors have answers to those questions?

Would you like to find out more about what Pandora FMS can offer you? Find out clicking here . If you have to monitor more than 100 devices, you can also enjoy a FREE 30-day Pandora FMS Enterprise TRIAL. Installation in Cloud or On-Premise, you choose !! 

Last but not least, remember that if you have a reduced number of devices to monitor, you may use Pandora FMS OpenSource version. Find more information here .

Do not hesitate to send your questions. The great team behind Pandora FMS will be happy to assist you! And if you want to keep up with all our news and you like IT, release and, of course, monitoring, we are waiting for you in our blog and in our different social networks, from Linkedin to Twitter through the unforgettable Facebook . We even have a YouTube channel , and with the best storytellers. Ah well, we also have a new Instagram channel ! Follow our account, we still have a long way to go to match that of Billie Eilish.