No matter what issues currently dominate the headlines, news channels continue to be populated by items on cyber crime and its threat both to business and to our own personal data. Many millions of dollars and vast swathes of time are spent trying to outwit it and to defend data and systems against it.
Each of us, in our personal and business lives, transacts continuously online, and it is ironic that whilst we have come to expect immediacy and effectiveness, we are no longer that surprised when something fails. We try to move money within our online banking app and the app fails. Our first thought and hope is that what we are facing is just a technical glitch, but as we continue to struggle to access our accounts, the underlying fear that haunts us is that we have been exposed to damaging and costly fraud. Even if we are in fact left unscathed and the app returns to full operational mode within the hour, that fear and the inability to achieve whatever we were trying to do will tend to leave in its wake an element of negativity in our attitude towards the supplier. And if this experience is repeated a number of times, we are likely to look for alternative sources for whichever product or service we are seeking.
For any business, it is imperative to protect revenue and reputation against downtime or data loss, whatever the cause. And as every business becomes increasingly digitised, IT security and IT continuity continue to be a top concern and priority. In fact, demonstrating the importance of the issue, in November 2018 following a spate of data breaches in the financial sector, the Bank of England led a voluntary exercise to test resilience with 40 firms participating in a day of simulated cyber attacks.
With this ongoing focus on data security for organisations of all types, integrity of the IT infrastructure is as much a concern for CIOs and heads of IT as app and system design and device security.
For many businesses, the whole approach to protection, resilience, recovery and back-up points to the need for a third-party data centre which can provide all the benefits of the latest technologies and processes to secure and sustain your IT at an acceptable cost. However, when sourcing the right provider, what is not always taken into consideration is that whilst data centre providers may all promise to deliver a certain standard of service and to offer the same levels of resilience and security, in practice their actual offerings can differ greatly, with significant repercussions for the IT integrity they were supposed to support.
Whilst the right colocation provider can support all your goals, at a pricing level and a service level that meet your needs, not all colocation data centres are the same. Due diligence in choosing a colocation facility partner can help to avoid basic problems such as poor availability of the IT platform, poor performance and a lack of flexibility to scale up and down as your needs change. All of this means it is important to review the provider's suitability in both technology and approach, so that you can rest assured that your critical IT infrastructure is in the right place. If you are considering investing time and money entrusting your business-critical IT to a service provider, a visit to the facility is a crucial part of your fact-finding and is vital before committing to anything. A warts-and-all tour of the facility is valuable to help you uncover the reality of the service provision.
A further way to confirm that the data centre's claims are valid and true is through third-party accreditations. Regularly updated, they illustrate that the provider has been independently and rigorously audited to ensure it meets the required standards. For instance, for a data centre partner to form an integral part of your infosec program, they should be able to demonstrate compliance with IT governance and information security regulation through ISO 27001. Accreditations backed by an in-person and detailed site visit enable you to check how the business is run, validate the offering available and understand the provider's approach to each in full detail.
Below is a brief overview of our certified accreditations, with the full details available on our website:
- ISO 9001 – requirements for a quality management system where an organisation needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory requirements.
- ISO 14001: 2015 – criteria for an environmental management system and against which a company can be certified.
- ISO 27001: 2013 – establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation.
- ISO 50001: 2011 – requirements for establishing, implementing, maintaining and improving an energy management system.
- PCI DSS Compliant – Payment Card Industry Security Standards Council statement that Datum is a service provider to PCI DSS 2.0 for online payments.
- EU Code of Conduct for Data Centres – Datum has signed up to the EU Code of Conduct for Data Centres which was created in response to the increasing energy consumption in data centres and the need to reduce the related environmental, economic and energy supply security impacts.
- DCA Class 3 Fully Operational Data Centre – The Data Centre Alliance Certification scheme provides an industry-led recognition of a data centre’s designed purpose, its operational integrity, energy efficiency practices and site access security. Class 3 Fully Operational identifies high standards of resilience, environmental control and telecommunications.