Security

At the centre

Read this article

The EU General Data Protection Regulation will place more stringent requirements on companies. Aareon – and in particular its IT experts – are well prepared: after all, the safe handling of sensitive data is part of the Company’s DNA. We visit Aareon’s ultra-secure Data Centre.

It’s very quiet on the top floor of Aareon AG’s registered office in Mainz: bare walls, heavy doors, empty corridors and information signs abound. It’s no place for frequent gatherings, even though we’re at the beating heart of the Company: these lonely corridors form part of Aareon's Data Centre.

1,000
cables
converge in Aareon’s Data Centre to provide customers with the Company’s services.

This facility is operated and certified in compliance with particularly strict German data protection laws. In the period shortly before the EU General Data Protection Regulation (EU-GDPR, see box) enters into force, this is proving to be a major advantage: “We started to tackle GDPR, which regulates aspects of data protection, data security and IT security, at an early stage,” says Mario Werner, Director of Group IT Services. “In terms of IT security at least, nothing much has changed from our point of view, as many of the regulations have long been in force in Germany.”

Autonomous infrastructure for emergencies
Even before the implementation of EU-GDPR, Aareon’s Data Centre provided a level of security, know-how and availability that customers would be hard-pressed to achieve on their own. It has a completely autonomous infrastructure with its own power supply, emergency power supply and ventilation systems. Vast red argon-filled cylinders are on hand to extinguish flames in the server rooms in the event of a fire. A second, mirrored Data Centre is located at the parent company Aareal Bank in Wiesbaden for backup purposes.

PS-951nF
certification
Aareon’s Data Centre is certified for compliance with the recognised auditing standard of the Institute of Public Auditors in Germany (IDW).

“Regular security testing is important,” says Herbert Stäudel, Head of Group IT Architecture. Infrastructure failures, hacker attacks and other threats are simulated. Those who wish to obtain physical access to the facilities not only require a special access card, but also have to get past a biometric lock. Stäudel holds his right hand up against a small box next to the door behind which the servers and network are located. “This is a hand vein scanner. The hand vein pattern shows detailed individual characteristics, making for an excellent form of identification,” explains the expert as he pulls open the heavy door.

A sensor checks the characteristic pattern of hand veins to prevent unauthorised persons from gaining access to Aareon’s Data Centre.
Photo: Klaus Helbig, Frankfurt am Main, Germany
Should a fire break out at Aareon’s Data Centre, it goes without saying that water would not be a suitable means of extinguishing it. Argon is available for use in an emergency.
Photo: Klaus Helbig, Frankfurt am Main, Germany
4.5
million
e-mails are processed on average by Aareon’s Data Centre every month, some 90 per cent of which is classified as spam.

Into the future with the cloud
Inside, we are met by the loud humming and buzzing of machines. The ventilation system ensures that all the technology, which is housed in large black cabinets, is kept at the optimum temperature. This is home to the Aareon Cloud, used by companies at international level. It guarantees access to the relevant data from Aareon Smart World – the Company’s digital solution portfolio – at any time and from any location. “We support property companies as they embrace the digitalisation process. The cloud is ideally suited for this purpose: not only does it provide customers with a reliable, tried-and-tested service, but it also ensures optimum use of capacities and resources,” says Werner. The Company is pressing ahead with international expansion: over 1,000 companies from the property industry and other sectors already use Aareon’s Data Centre, including some 300 customers outside Germany.

The two IT experts can only hazard a guess as to what the data centres of the future might look like: technological innovations in the fields of artificial intelligence, 3D storage and quantum computing, as well as topics such as regulatory systems and IT security make for an extremely dynamic market. One thing they do agree on, however: “Data centres will become smaller as processing density increases and technology becomes more powerful,” says Werner. “I joined Aareon in 1993, when this room would have been jam-packed with technology – but still had just one thousandth of the capacity it has today,” recalls Stäudel, as the door to the servers clicks shut behind him.

The loud humming noise gradually fades away and silence once again reigns in the corridors of Aareon’s Data Centre as the beating heart of the Company continues its solitary operations.

1.25

PUE ratio

makes Aareon’s Data Centre extremely energy-efficient. PUE (Power Usage Effectiveness) is the ratio of how efficiently a computer data centre uses energy and is obtained by dividing the amount of power entering a data centre by the power used to run the computer infrastructure within it. The Data Centre runs exclusively on green electricity. Aareon uses the waste heat to assist the building’s heating system and replenish its store of geothermal energy in the summer.

The EU-GDPR

The Federal Criminal Police Office reported 82,649 cases of cybercrime in Germany in 2016 – an increase of 80.5 per cent on the previous year. However, the EU General Data Protection Regulation (EU-GDPR), which enters into force on 25 May 2018, is not just supposed to tackle crime, but to prevent unintentional errors too. In brief, it aims to render data processing more consistent, more secure and more accountable. This also applies to the processing of EU citizens’ personal data by companies based outside the EU. Organizations in breach of GDPR can be fined up to EUR 20 million or 4 per cent of their annual revenues.

Aareon started to tackle the new regulation early on, adopting a strategic approach – after all, customers who manage thousands of residential units have a great responsibility vis-à-vis their customers. A Group-wide project was launched with the support of a law firm with international operations to ensure GDPR compliance by 25 May 2018. The measures affect several departments: aspects to be taken into account include the product portfolio and consulting as well as customer and supplier contracts, and internal processes in addition to HR and applicant management.

The solutions provided by Aareon will enable housing companies to satisfy the new statutory requirements in their day-to-day operations as soon as GDPR enters into force. Aareon will ensure that all its solutions are GDPR-compliant, that every data processing operation undertaken internally has a demonstrable legal basis and that the rights of data subjects, such as the right to access and right to erasure, are implemented.

Mario Werner studied business administration and electrical engineering and has been responsible for international IT at the Aareon Group since April 2017. His team also includes Herbert Stäudel (Photo below). The IT expert has been working at Aareon since 1993 and is currently head of the Group IT Architecture unit.
Photos: Aareon AG, Mainz, Germany

Research

Looking app

Study explores potential for new digital solutions

Change

Working world 4.0

New approaches for new working methods