Increasingly extreme weather threatens data centers and one of the things cloud computing customers prioritize most: reliability.
Data center operators have long planned for some climate risks, but climate change is increasing the odds of extreme events and throwing new ones into the mix. That’s creating a reckoning for operators, who could have to reevaluate everything from where to site new data centers to physically hardening infrastructure and spreading workloads across multiple regions.
A 2019 survey by the Uptime Institute, which advises business infrastructure companies on reliability, shows that a significant share of the cloud computing sector is being reactive to the threats that climate change poses or, even worse, doing nothing at all. Nearly a third of the nearly 500 data center operators that responded said they had not recently reviewed their risks and had no plans to do so. Meanwhile, just 22% said they are “preparing for increased severe weather events.”
Jay Dietrich, the Uptime Institute’s sustainability research director, said that large data center companies generally have the resources to undertake more regular risk assessments and prepare for how climate change will impact operations, from storms that could increase the risk of outages to drought that could complicate access to water for cooling. Meanwhile, smaller companies tend to be more reactive, though they stand to lose the most.
“If I’m a smaller company that doesn’t have a big data center infrastructure, but it’s integral to my operation,” Dietrich said, “I’d better be proactive because if that goes down, it’s my business that goes down with it.”
Amazon Web Services, Google, and Microsoft — dubbed the Big Three in the data center world — have the world’s biggest cloud computing footprints, and all three have robust risk assessment processes that take into account potential disasters.
AWS says it selects center locations to minimize the risks posed by flooding and extreme weather and relies on technology like automatic sensors, responsive equipment, and both water- and fire-detecting devices to protect them once they’re built. Similarly, Microsoft uses a complex threat assessment process, and Google assures customers that it automatically moves workloads between data centers in different regions in the event of a fire or other disaster.
If I’m a smaller company that doesn’t have a big data center infrastructure, but it’s integral to my operation, I’d better be proactive because if that goes down, it’s my business that goes down with it.”
However, none of the Big Three explicitly call out climate change in their public-facing risk assessment processes, much less the mounting threat it poses. (None of the three responded to Protocol’s specific questions and instead provided links to previous statements and webpages.)
A 2020 Uptime report warns that data center operators may have become complacent in their climate risk assessments, even though all evidence points to the fact that “the past is no longer a predictor of the future.” For instance, sea-level rise could overwhelm cables and other data transmission infrastructure, while the rise in large wildfires could directly threaten dozens of centers located in the West.
Meanwhile, storms are expected to intensify as well. A recent assessment found that roughly 3.3 gigawatts of data center capacity is in the federally recognized risk zone for hurricanes, and 6 gigawatts of capacity that is either planned or already under construction falls in the zone as well. And even when a data center itself is out of harm’s way, climate impacts have made power outages more likely, requiring centers to rely more on backup systems.
Given that data centers are designed to operate for 20 years — but are generally in use for much longer — the need to plan for how climate change is shifting baseline conditions is vital to ensuring operators aren’t caught off guard. This isn’t necessarily a future problem either. In 2017, wildfires got within three blocks of Sonoma County’s data center, and also scattered the team responsible for operating it across Northern California. And just this year, Google and Oracle's data centers experienced cooling system failures amid record heat in the U.K.
To account for these risks, Uptime encourages companies to spread workloads between data centers and regions; if a storm hits Florida, a provider should have infrastructure out-of-state so service can continue without pause, which happened during Hurricane Ian last month. While this redundancy is easier for a large company with widespread data centers, even smaller companies can benefit from using secondary and out-of-region sites for backup and recovery in case a climate-related disaster causes data loss at the original site.
Smaller fixes could have a big climate resiliency payoff as well. Uptime recommends investing in disaster prediction resources, such as those developed by insurance companies, to pinpoint the likelihood of disasters at any given site and use that information to take steps to prepare data centers for disaster, from moving generators and pumps to higher ground to installing flood barriers. These steps can improve a center’s reliability when disaster hits. At least some companies are already taking these steps, including Equinix, which has a global footprint of more than 240 data centers.
“We have undertaken a climate risk and resilience review of all our sites with our insurers,” Stephen Donohoe, the company’s vice president of global data center design, and Andrew Higgins, director of engineering development and master planning, told Protocol in a joint statement. “Climate risks are an integral part of our due diligence process during site selection, with flood risk, wind risk, water stress and extreme temperatures considered prior to acquiring the site mitigation measures are considered during the design process.”
[W]e’ve been really emphasizing that this is coming … You’re better off being in front of it than behind it.”
Major enterprise operations may have no choice but to take some of these steps, given policy changes underway in Europe and the U.S.
The EU’s corporate sustainability reporting directive, which will come into effect in 2023, requires large companies operating on the continent to disclose their exposure to various risks, including climate change. In the U.S., the Securities and Exchange Commission is considering a similar set of rules that would also require that companies disclose climate risk information, though a final rule is still months away.
If the rule, which is still in flux, comes into force, even the most reactive data center companies will have to change their ways.
“In our publications and discussions with clients and members, we’ve been really emphasizing that this is coming,” said Dietrich. “You’re better off being in front of it than behind it.”