It seems like a new data breach hits the news every week these days. Company after company, many of them national and international behemoths, have suffered not just intrusions into their systems but the outright theft of customers' personal information. Colocation may be one solution that helps alleviate this problem.
Even the federal government isn't safe: the IRS is the most recent agency to suffer a massive breach, one that handed the personal information of millions of US taxpayers to attackers. Between 2014 and 2015, 212 million households in the US alone were affected by data breaches.
Several points can be drawn from the state of the world today.
- Data is now more valuable than currency, stocks, bonds or other traditional assets, making it the most tempting target for thieves.
- No one is immune from the threat of a data breach, regardless of business/organization size, industry or anything else.
- A single data breach can cost a business an incredible amount of money, but it can also devastate the business in terms of customer trust and goodwill.
- Companies can be, and are being, held accountable for data breaches, and most states now require businesses to notify those affected by a breach if personal information was compromised. Most of the recent large data breaches have resulted in government investigations into the company and its security practices, as well as fines.
- Current regulations are constantly being revised and revamped, and new regulations are being issued as more data breaches occur.
The Problem of Security
For all businesses, the question of data security is of paramount importance. A single phishing attack can result in serious damage, and phishing is only the tip of the proverbial iceberg when it comes to potential threats. There are myriad others, from unauthorized user access to physical theft of hardware to covert monitoring of data. Businesses of all sizes spend a significant amount of money each year on security, from antivirus software to firewalls, in an attempt to mitigate these threats, but the threats continue to proliferate.
One solution that is gaining prominence is colocation. In this model, a company's data center equipment is moved out of the company's own premises and placed on protected servers within an offsite colocation facility. Essentially, you rent hardware and software, but you give up no control over your data. Colocation providers are able to offer stronger protection for a business's data because they specialize in this area, whereas in-house IT teams that must handle the same needs are often hampered by a lack of funding, a lack of personnel, and many other factors.
Colocation and Future Data Breach Regulatory Adherence
In the US, regulatory adherence concerning data breaches is a tricky thing, because there is no single overriding federal policy. Instead, there are several broad federal initiatives, such as Sarbanes-Oxley and the FTC Act, combined with state-level laws and regulations, resulting in a patchwork of confusing requirements that sometimes work together and sometimes contradict one another. Add to this the fact that some regulations apply to businesses in all industries, while others apply only to specific industries or sets of industries (HIPAA, for instance).
Combine this with the fact that over 25% of business data centers are colocated today, and you can see why it is imperative that these facilities offer regulatory adherence, both now and in the future. So, how do they manage this feat?
One of the most crucial steps a colocation facility can take to address current and future data breach regulatory adherence is regular auditing by an independent third party. This provides evidence that the facility is compliant with new standards as they roll out, as well as with previously issued requirements. The most common attestations and standards are the following:
SSAE 16: Compliance with SSAE 16 means that the colocation provider's controls have been examined by an auditor under Statement on Standards for Attestation Engagements No. 16, issued by the AICPA.
SOC 2: A SOC 2 report means that the provider's controls have been assessed against the trust services criteria of security, availability, processing integrity, confidentiality and privacy.
PCI DSS: Set forth by some of the largest credit card companies in the world, PCI DSS compliance shows that the provider is adhering to the stringent requirements issued by the PCI Security Standards Council.
HIPAA: HIPAA is one of the best-known sets of regulations in the US, but it applies only to specific industries: those working within the health and insurance sectors.
Colocation providers go to great lengths to ensure that they are compliant with as many current and upcoming regulations as possible. One reason for this is competition: the industry has become crowded in recent years, and as more colocation facilities come online, they must find ways to differentiate themselves from the rest. Regulatory compliance is one of the best ways to do this, since awareness of data breaches is at an all-time high. In the same vein, it is absolutely critical that these companies remain abreast of changes to these regulations and stay agile enough to implement them as soon as they are issued.
For any business that handles sensitive information, protecting against a data breach is mandatory. Today, that entails working with a leading colocation provider that regularly undergoes third-party audits and is compliant with today's regulations. Such a provider can offer peace of mind and protection in many critical areas, including network and data security, backup and recovery, management oversight, data monitoring, incident management, access control and more.