Volta Data Centres Blog

Let's get physical, and compliant - by Phil Alsop, Editor, DCS Europe

Posted by Volta Newsroom on 31-May-2018 16:02:40

What should highly regulated industries look for in a data centre partner?

As discussed in previous blogs, the arguments for moving some, or all, of your data centre and IT infrastructure to a colocation facility and/or into the Cloud are extremely compelling. Put simply, the expertise, technology and flexibility available via the outsourcing route is out of reach for all but the very largest enterprises when compared to keeping IT in-house.

Yes, there might be some kind of ‘leap of faith’ required to let go of your data centre and IT assets, and trust them to somebody else, but the short and longer term benefits should soon dispel any lingering doubts. Ah, but colocation and/or Cloud might make sense for a ‘standard’ business, but what if I operate in a highly regulated industry sector? Can I be sure that, when the industry regulator comes calling, my colocation partner or Cloud provider(s) has been as diligent as possible in terms of compliance? Put another way – am I better off keeping everything in-house, where I know that everything is compliant with, say, the financial sector’s specific requirements and regulations or am I just as ‘safe’, or even better off, allowing a third party to carry out this compliance duty of care?

First up, it might be worth pointing out one or two reasons why, in choosing the outsourcing option, the claims of a colo may well grab your attention more than those of a Cloud provider.

A colocation provider gives you a building, cooling, power, bandwidth and physical security but you install and maintain your own servers and storage – giving you an important element of direct control; a cloud provider does everything for you – taking away control.

Should there be any service or support issues that require attention, the colo has a direct contract with you - therefore you should have leverage with them to get the problem fixed as quickly as possible. In contrast to a colo’s ability to react quickly to any requests you might make, with a Cloud provider you are, potentially, just one of many customers, powerless to put pressure on the Cloud provider’s own data centre provider as and when required. Furthermore, the Cloud provider’s data centre might be on the other side of the world and less likely to respond as quickly as a colo.

For highly regulated industries, maintaining a significant degree of control, as with the colocation option, is very important when it comes to ensuring compliance.

Okay, so those are the key issues in the colocation versus Cloud debate addressed. But what should a company working in a highly regulated industry look for from a colocation partner?

Security. And before you turn away, bored to death with having read endless news stories, blogs and articles about cybersecurity, let me tell you that, at least to start with, we’re talking physical security.

Drive up to a colocation facility and your initial impression should be that you’ve mistakenly arrived at a military base! Try to gain access and you shouldn’t be surprised to encounter, indeed, you should positively welcome physical barriers – mantraps, locked doors and the like; biometrics (fingerprints and/or iris recognition) and monitoring systems (yes, you’re on camera!). Inside the facility there will be layered security zones, ensuring that only correctly authorised personnel are admitted to the one(s) for which they have permission.

Contrast this with an office building that also houses your company’s data centre. Employees and contractors wandering about the building – should they be there, should they not? How many barriers between any individual and access to the data centre?

Now, if you really have reached saturation level when it comes to cybersecurity and GDPR compliance, feel free to go and make a coffee, but don’t slip into complacency and forget just how important the topic of IT security and compliance is. Ask yourself the question: ‘Who would I rather have in charge of the overall security and integrity of my data centre infrastructure – a couple of in-house ‘generalists’, or a colo whose ‘only’ job is to ensure the safety and integrity of the data centre infrastructure?’ The answer to this question will give you a fair idea of why you should (or should not!) trust a colo.

We can’t fail to mention GDPR, at least in passing. The dust has yet to settle in terms of what the regulations actually require, as opposed to what various individuals and organisations think they require. Since a colo doesn’t actually touch customer data, the colo will not be the ‘weak link’ in the compliance chain.

Of course, it’s not just about GDPR. NIST, ISO 27001, SOC2, SSAE-18 Type II, PCI DSS, ISAE 3402, HIPAA and, no doubt, other industry-specific and more general regulations exist for a reason and the colo you choose should have more than a working knowledge of the overall regulatory landscape if they expect to be taken seriously as an in-house data centre alternative.

And the proof of this level of knowledge and expertise should be available to prospective customers in the form of an independent, third-party audit. In other words, you don’t just have to take the colo’s words and claims on trust, you can read the auditor’s report which will confirm that the colo facility does what it says not just on the tin, but in the operations manual as well.

One final thought – flexibility. A helpful colo partner will work with you to help you demonstrate compliance to your regulator. That might mean allowing you relatively short notice access to your servers, or answering a regulator’s query either directly, or via your customer.

Flexibility of a different kind – the ability to scale up the infrastructure a colo provides – could also be useful in many regulated industries, where date-driven, higher than normal workloads put pressure on your IT and the data centre in which it is housed. A minor point maybe, but all part of the overall requirement to identify a helpful, flexible, knowledgeable (but willing to learn as well) colocation partner.
