BY DAN KURTZ, Director, Business Development and Data Centers, LightEdge Solutions
Colocation is becoming more popular as business owners learn how data centers work and the many benefits that come along with getting data off-site. Many businesses initially operate and manage their own computer hardware and systems internally. Once they begin to scale and grow, however, it becomes a financial decision about whether it makes sense to invest in the costly upgrades or find a partner that can help absorb some of these costs. Building a separate computer room on-site with the appropriate systems and software, updated equipment, and physical heating, cooling, and power requirements in place can be a major expense for a company, not to mention the redundancy they will want to have in place.
Say you’ve decided colocation is the right option for your business. How do you go about selecting the best provider to keep your critical information safe?
Companies that utilize data center colocation need to make sure their provider undergoes the appropriate audits and holds all vital industry certifications in order to meet evolving compliance standards. Security in the form of both physical safeguards and virtual compliance is essential to consider. Multi-tenant data center facilities ensure computer equipment is well cared for in a secure location with proper climate control, fire suppression and backup power supported by generators. What about all of the elements you can’t touch, though?
Compliance standards are a vital piece of colocation considerations, because they show that the provider you’re entrusting your core business to takes your security seriously. Most of your own customers are probably held to regulatory guidelines as well, so these standards can also be used to help you prove their data is in safe hands with a partner you can both trust, resulting in peace of mind and audit confidence for all parties.
There are many types of certifications that colocation data centers can undergo to ensure they are compliant. Each certification addresses a different type of compliance for a multitude of industries. For example, some certifications manage incidents and capacity, while others secure the information security management framework. There are even some that ensure the data stored in the cloud is secure, available and accessible at all times.
When it comes to industry-specific regulations that companies must adhere to, the financial and health care sectors are huge players. An effective colocation provider should always be certified for the Payment Card Industry Data Security Standard (PCI-DSS) to guarantee they are capable of managing data for companies that process and store credit card information. For the medical industry, the safeguarding of patient and health insurance information is essential, and comes in the form of the Health Insurance Portability and Accountability Act (HIPAA).
In order to receive these certifications, a data colocation provider must undergo a rigorous process. It begins with training its employees, assembling a review board, creating an incident processing procedure, then following all of the stringent processes until they prove they’re meeting all requirements. If done properly, they will then pass the annual audit. Colocation providers that have undergone this process tend to be better equipped to handle customers’ issues because they are thoroughly trained in the business of the client.
Not all data center colocation providers receive these certifications, because they can be quite costly and very time-consuming to pass. However, an increasing number of colocation customers are becoming more sophisticated, asking the right questions, and undergoing third-party audits of their own. As a result, it’s becoming vital for a colocation provider to show proof that they have been independently audited and maintain the security and standards needed to help clients stay compliant.
One key thing to note is that colocation customers may still have their own set of industry regulations and auditing they may have to undergo, independent of the data center facility itself. For example, a bank will still have its own internal data center that will also have to be deemed secure. However, if the colocation provider is compliant, that will bring the customer one step closer to achieving its own compliance as well.