Protecting the cloud

Protecting the cloud

It is imperative that all businesses prepare themselves for unseen disasters, particularly the risks associated with fire. In the case of data centres writes Peter Stephenson, Business Development Manager, Warringtonfire, reliable fire protection systems and a robust fire protection strategy should provide continuous availability of computing capacity and stored data, thus assist avoiding business disruption and maintaining essential operability.

As we slowly emerge from the Covid-19 pandemic and a degree of normality returns globally the benefits and flexibility of ’home working’ cannot be understated. In fact by 2025, 85% of infrastructure strategies will integrate on-premises, colocation, cloud and edge delivery options, compared with 20% in 2020 – the importance and protection of data centres moving forward is a key issue.

Throughout history, fire has posed a real risk to life safety, property protection, business continuity and often forgotten brand protection – particularly for large international IT companies. Today’s data centres and server network rooms are under enormous pressure to maintain seamless operations and built-in redundancy provides a tier of resilience for a host of potential incidents/threats. 

Some companies risk losing millions of dollars with one data centre catastrophe not to mention the negativity for their brand associated with such an occurrence. In fact, industry studies tell us that 43% of businesses that closed due to fire never reopen and 29% of those that do reopen fail within 3 years. With these statistics in mind, it is imperative that all businesses prepare themselves for unseen disasters, particularly the risks associated with fire.

Fire risks and fire prevention requirements

Data centre operators’ number-one priority is to ensure maximum continuous availability of data and computing capacity – 24 hours a day, 7 days a week, 365 days a year. Modern work, business and communications are all dependent on digitally stored information and data. To avoid unwanted disruption it is essential to both data centres and their customers that system operability is maintained available at all times. Reliable fire protection systems can help data centres maintain this standard and reduce the impact of a fire incident.

The risk of fire in data centres is primarily due to the high energy density of the installed electrical equipment and heat produced by the IT racks. Most data centre fires are caused by technical defects in electrical equipment, which require an appropriate fire detection and protection solution.

For most data centre and server room operators, however, potential fires are not the main issue. A key concern is to avoid at all costs having to cut power to equipment and thus interrupt IT processes. This often relates to contractual agreements with their customers regarding continuous availability of computing capacity and stored data, which also involves liability risks. Customers are dependent on digitally stored information, so no data centre can afford downtime. As such, data centre safety and fire-protection measures are focused on preventing any type of operational downtime, especially cutting power to the data centre – even in the event of a fire. At the same time, it is important that security and fire protection systems be as efficient as possible, in order to keep operating costs down.

Regulatory compliance

The goals of fire protection are to efficiently protect people, assets, data and the environment from the dangers and effects of fire, and to minimise material damages, loss of data, operational interruptions and the consequent loss of business. To guarantee adequate fire safety standards, national and regional directives have been established in the vast majority of countries. Personal safety is generally regulated by laws and official requirements, while the protection of material assets is mainly determined by the guidelines and directives drawn up by insurance companies.

The UAE Fire and Life Safety Code provides guidance for the protection of IT and server rooms, predominately where found as an ancillary use within the buildings main occupancy type as does other regional codes, such as the Saudi Building Code. NFPA 75 provides guidance for the protection of computers or data processing equipment. It’s important to note that NFPA continually updates its standards to accommodate the ever changing data centre environment. Although NFPA is one of the recognised international organisations that set standards for fire protection it must be remembered that the Authority Having Jurisdiction (AHJ) may have local requirements to be adhered to for fire protection in a facility. NFPA standards supporting regional codes and standards to be considered within a data centre design include:

  • NFPA 75: Standard for the Protection of Information Technology Equipment
  • NFPA 76: Standard for the Fire Protection of Telecommunications Facilities
  • NFPA 2001: Clean Agent Fire Extinguishing Systems
  • NFPA 72: National Fire Alarm and Signalling Code
  • NFPA 25: Inspection, Testing, and Maintenance of Water Based Fire Protection Systems


In addition to complying with international and local codes and any requirements imposed by the AHJ a fire risk assessment should be included during the building design and form part of the on-going fire safety management during the occupation phase of the building. To ensure a robust fire protection strategy is developed for a data centre, it’s important that the design team have a full understanding of the basic theory behind the fire.   Stakeholders should be involved in the design process and should be invited to attend a Qualitative Design Review (QDR) chaired by a competent fire engineer – this ensures stakeholders don’t work in silo’s and key information relating to their discipline can be fed into the design process. There are four key areas that the design team should be aware of when discussing the fire protection systems,

  • The Fire Triangle
  • Fire load
  • The classes of fire
  • Stages of combustion

By studying these factors and stakeholder requirements identified during the QDR it will assist in determining the optimum type of fire protection systems to suit the needs of a data centre.

Early fire detection is possible through approved air sampling and aspirating systems. This early warning enables in-house fire teams to investigate prior to a full alarm condition and, the cause & effect protocols initiating the fire safety systems – for example by charging a dry pipe sprinkler system with a pre-action mode. 

However, a few fire prevention and fire extinguishing agents may help on one side, but can cause serious damage to the infrastructure on the other. As an example, in the UAE sprinklers with spacing and discharge density, as required in the UAE Fire and Life Safety Code and the Standard for the Installation of Sprinkler Systems (NFPA 13), have been a popular choice for data centre protection. The potential damage associated with water, heat, steam, and combustion products is considerable as wet systems are reliant on thermal initiation with a potential delay in operation. 

Any water-based system could lead to short circuits and cause damage to the electrical components. The deposit of extinguishing media residue deriving from dry powder and foam portable extinguishers can be harmful to the costly and sophisticated technical devices located in the data centre. The solution lies in the use of “clean agents” that leave no corrosive or abrasive residues after their use. Clean agents being electrically non-conductive, represent the ideal protection for electronic equipment.

Fire protection

Fire protection for modern data centres is complex. The overall protection programme needs to be based on the level of acceptable risk for the data centre and meet the rigors of reliability and business continuity goals. A comprehensive protection programme developed to address expected fire risks, rather than simply meeting local codes and regulations, provides a robust approach to meet these goals.

The three system objectives of a data centre fire protection system are:

  • To identify the presence of a fire
  • Communicate the threat to the authorities and occupants
  • To suppress the fire and limit any damage

Designing to typical code requirements will not necessarily meet property protection and business continuity goals. Holistic designs that consider fire ignition scenarios and design for these scenarios, rather than simply meeting the code requirements, address these goals. Such designs integrate systems into comprehensive fire protection programmes and incorporate requirements for building construction, fire and smoke rated walls and ceilings to protect the data centre, interior finish limitations, egress provisions, and fire detection and suppression systems.

Three levels of protection

Having analysed the numerous fire hazards associated with data centres, fire protection measures should be assessed to cover 3 key and different levels — namely the whole building, the individual room level, and finally the rack level.

Level 1: Building fire protection

This level of fire protection is focused on keeping the building, and its occupants safe. Methods used to achieve building-level fire protection in data centres include:

  • Fire sprinkler systems
  • Portable firefighting equipment – area of cover and type of extinguisher is generally detailed by local code requirements
  • Passive fire protection – the installation of fire compartmentation to delay the spread of fire throughout the building

Level 2: Room fire protection

This level of data centre fire protection is where national fire codes including NFPA’s standards begin to apply. As mentioned earlier, NFPA standards require sprinkler systems to protect data centres including the following system types:

  • Wet sprinkler systems. While wet sprinkler systems are effective, they are not the first choice for most data centres, as the water is as damaging to data centre equipment as a fire would be. What’s more, if a wet system were to leak or drip, it would also be very damaging.
  • Pre-action fire sprinkler systems. Pre-action fire sprinkler systems also use water to extinguish a fire but require two points of fire detection before the sprinkler system will activate. This ensures your system is only activating when a fire hazard is real. The downside is that this system still uses water, which is damaging to electrical equipment.
  • Clean agent suppression systems. Clean agent suppression systems use an inert gas or clean agent to extinguish and suppress fires. The benefit of a system like this is that it will not damage the sensitive equipment found within a data centre. 

Room level data centre fire protection also includes fire detection systems. Data centres benefit from Very Early and Early Warning Fire Detection (VEWFD & EWFD) systems, as these can actuate fire suppression systems at the earliest sign of a fire, minimizing any damage sustained in the data centre.

Level 3: Rack fire protection

This level of data centre fire protection focuses on protecting equipment at the rack-level. In data centres specifically, fire detection in the early stages can be difficult, as many electrical components are enclosed.

This means a fire can go undetected until it’s become a larger hazard. By implementing rack-level fire protection, data centres can detect and extinguish fires at their earliest stages, minimizing the potential for a larger fire to spread.

Common fire protection methods at the rack level include pre-engineered and automatic fire suppression systems which are installed within the equipment, where they can detect, provide an early warning and suppress fires before they are sensed by the larger room or building level fire suppression system. This ultimately helps to minimise the potential for any damage sustained to sensitive equipment.

Ensuring an acceptable level of fire protection within data centres to satisfy life safety code requirements along with building and business continuity objectives can be challenging. Engaging a competent fire engineer to coordinate all factors within the design and stakeholder requirements is a key factor both within the selection of appropriate and effective fire protection systems and on-going operations of the facility. From assessing the three levels of fire protection to choosing a fire suppression system that protects your assets is a lot for consideration and should be fully recorded within a fire strategy for the relevant building/project.