• About Us
  • Partnership Opportunities
  • Privacy Policy

Data Center Frontier

Charting the future of data centers and cloud computing.

  • Cloud
    • Hyperscale
  • Colo
    • Site Selection
    • Interconnection
  • Energy
    • Sustainability
  • Cooling
  • Technology
    • Internet of Things
    • AI & Machine Learning
    • Edge Computing
    • Virtual Reality
    • Autonomous Cars
    • 5G Wireless
    • Satellites
  • Design
    • Servers
    • Storage
    • Network
  • Voices
  • Podcast
  • White Papers
  • Resources
    • COVID-19
    • Events
    • Newsletter
    • Companies
    • Data Center 101
  • Jobs
You are here: Home / Voices of the Industry / Mitigating Data Center Risk in an Uncertain Economy

Mitigating Data Center Risk in an Uncertain Economy

By Voices of the Industry - September 9, 2019

Mitigating Data Center Risk in an Uncertain Economy

Power and cooling equipment at an Iron Mountain data center in Manassas, Virginia. (Photo: Rich Miller)

LinkedinTwitterFacebookSubscribe
Mail

Jim Henry of Iron Mountain Data Centers shares how comprehensive data center compliance and certification programs can help organizations mitigate data center risk. 

Jim Henry, Global Compliance Analyst, Iron Mountain Data Centers

Today’s interconnected world poses challenges to protecting data and digital assets. With new web services, applications, and AI advancements, cyber threats are increasing. The level of scrutiny is rising, too. 

While the urgent demand for security grows, having a comprehensive compliance program that is constantly reviewed, tested and updated based on the latest best practices can return a sense of control. A strong compliance program operates like a machine, ensuring all systems are in place and working 24/7 to recognize, address and remediate risks. 

What Role Does Your Colocation Provider Play? 

Many organizations choose colocation to ensure and maintain compliance with physical and environmental controls. Meeting regulatory compliance standards for data management is a necessity for almost every company, but it’s no small task. 

A colocation provider mitigates risk through physical and environmental controls from an operational and security standpoint, ensuring maximum security, availability and integrity. Ensuring proper maintenance and operation of critical infrastructure, along with upkeep and continual improvement of a physical security program, are part of a comprehensive compliance program. 

Ongoing audits are integral to compliance, but they are expensive and time consuming. Report keeping is arduous, and compliance regulations change, forcing organizations to adapt or fall behind. 

Partnering with the right colocation provider can take much of this work out of the equation for the customer. 

What are Best Practices? 

From a compliance standpoint, your colocation provider should have a SOC 2 Type II report and ISO27001 implemented at a minimum. These two frameworks can provide customers and third parties assurance that a proper Information Security Management System is in place, and that technical audits occur regularly. 

These frameworks provide a full customer facing report detailing the controls that the colocation provider is subject to. It also details how they performed. Depending on your industry, you may also require frameworks outside of SOC and ISO.

What Goes into Data Center Certification? 

Certifications are a team effort. Think of a Formula One race car. Everything is built to precise specifications and expected to operate at extreme tolerances in even the most dynamic and unpredictable environments. That is how a proper compliance program runs. 

Compliance as a department is dependent on operations, network, security, and human resources for a large bulk of the artifacts reviewed during an audit. 

In addition to this, time is a factor. Even outside of “audit season,” compliance teams must work together to address risks, recognize gaps, and execute process engineering in order to make things run appropriately. A big part of this process is analysis and reviewing data. Data are the drivers for most of the continual improvement measures put in place to make an Information Security Management System thrive. 

Cost is often a consideration that helps determine what frameworks to aim for. When it comes to security, your industry is often the driving factor in those decisions, and anything beyond that should make sense for your business.

What to Ask Your Data Center Provider

It’s important to understand your colocation provider’s compliance program. While colocation offers clear benefits, it’s vital to find the right colocation provider for your business. 

In the colocation arena, whether it’s for retail, hyperscale, or wholesale, the most important compliance question is what certifications and/or reports are present at the prospective site. Certifications and reports should align with your compliance and business needs to ensure the proper physical and environmental controls are in place. 

If the mandates and/or social responsibility of your organization are centered around other aspects of compliance, such as safety, quality or environmental/energy management, it’s good to voice those needs to the colocation provider. 

As the nature of the data center business changes, it’s becoming more and more important to align yourself with a provider that speaks the same language. Beyond the certifications and reports, at a more granular level, it’s important to ask about physical security policies, personnel security policies, service delivery, and availability and change practices. 

Going over these ahead of contract execution will provide due diligence that the colocation provider is operating at all levels expected by your organization, outside of what certifications and reports can communicate.

It’s important to understand your colocation provider’s compliance program. While colocation offers clear benefits, it’s vital to find the right colocation provider for your business. 

Secondly, it’s good to understand if compliance is not only a function, but also a culture at the colocation provider. It’s one thing to talk the talk, walking it is next level. 

This can be reflected in many ways but having a solid compliance point of contact at the colocation provider is a great first step. Establishing that relationship from the beginning and knowing that POC is there for you when you need support is key. 

After all, you are outsourcing your stake in your operations to the colocation provider, so compliance, security, availability and integrity are of upmost importance.

Colocation providers like Iron Mountain Data Centers have met and implemented the security frameworks required to allow organizations to securely host their data and applications in compliant data centers. 

Jim Henry is a Global Compliance Analyst for Iron Mountain Data Centers, where he manages various aspects of the multifaceted, industry leading Information Security, Quality, Environmental, and Energy Compliance program.

Iron Mountain Data Centers has one of the most comprehensive IT Security Compliance programs in the world. This culture stems from the reputation and tradition that we have followed for more than 60 years as trusted guardians of customer assets. 

At Iron Mountain Data Centers, we provide a federal-grade, multi-layered approach to security that includes a combination of technical and human security measures. Our onsite security and trained personnel help to mitigate risk.

Iron Mountain’s comprehensive compliance alignments, reports, and certifications include HIPAA, NIST 800-53, FISMA High, PCI-DSS, ISO 27001 and SOC 2/3, ensuring even the most highly regulated customers are in compliance. 

LinkedinTwitterFacebookSubscribe
Mail

Tagged With: Data Center Management, Iron Mountain, risk mitigation

Newsletters

Stay informed: Get our weekly updates!

Are you a new reader? Follow Data Center Frontier on Twitter or Facebook.
voices@richmiller.biz'

About Voices of the Industry

Our Voice of the Industry feature showcases guest articles on thought leadership from sponsors of Data Center Frontier. For more information, see our Voices of the Industry description and guidelines..

  • Facebook
  • Instagram
  • LinkedIn
  • Pinterest
  • Twitter

Voices of the Industry

Building an Enduring World Begins with Accountability and Defining an Approach for Long-term Success

Building an Enduring World Begins with Accountability and Defining an Approach for Long-term Success TJ Faze, Head of ESG Strategy and Engagement at Vertiv, outlines the company's learnings around its recent ESG efforts.

White Papers

remote power control

Remote Management of Data Center Cabinets

Get the new white paper from Chatsworth Products that explores the most beneficial applications for intelligent rack PDUs with remote power control, defines the key capabilities to require on intelligent track PDUs with remote power control, and lists additional monitoring and security capabilities that should be considered when selecting intelligent rack PDUs for use in laboratories, in remote/edge sites or when colocating enterprise-owned equipment into MTDCs.

Get this PDF emailed to you.

We always respect your privacy and we never sell or rent our list to third parties. By downloading this White Paper you are agreeing to our terms of service. You can opt out at any time.

DCF Spotlight

Data center modules on display at the recent Edge Congress conference in Austin, Texas. (Photo: Rich Miller)

Edge Computing is Poised to Remake the Data Center Landscape

Data center leaders are investing in edge computing and edge solutions and actively looking at new ways to deploy edge capacity to support evolving business and user requirements.

An aerial view of major facilities in Data Center Alley in Ashburn, Virginia. (Image: Loudoun County)

Northern Virginia Data Center Market: The Focal Point for Cloud Growth

The Northern Virginia data center market is seeing a surge in supply and an even bigger surge in demand. Data Center Frontier explores trends, stats and future expectations for the No. 1 data center market in the country.

See More Spotlight Features

Newsletters

Get the Latest News from Data Center Frontier

Job Listings

RSS Job Openings | Pkaza Critical Facilities Recruiting

  • MEP Coordinator - Data Center Construction - Ashburn, VA
  • Data Center Facility Engineer - Chantilly, VA
  • Data Center Site Operations VP - Seattle, WA
  • Senior Electrical Engineer - Data Center - Denver, CO
  • Senior Estimator - Data Center Construction - Denver, CO

See More Jobs

Data Center 101

Data Center 101: Mastering the Basics of the Data Center Industry

Data Center 101: Mastering the Basics of the Data Center Industry

Data Center Frontier, in partnership with Open Spectrum, brings our readers a series that provides an introductory guidebook to the ins and outs of the data center and colocation industry. Think power systems, cooling, solutions, data center contracts and more. The Data Center 101 Special Report series is directed to those new to the industry, or those of our readers who need to brush up on the basics.

  • Data Center Power
  • Data Center Cooling
  • Strategies for Data Center Location
  • Data Center Pricing Negotiating
  • Cloud Computing

See More Data center 101 Topics

About Us

Charting the future of data centers and cloud computing. We write about what’s next for the Internet, and the innovations that will take us there. We tell the story of the digital economy through the data center facilities that power cloud computing and the people who build them. Read more ...
  • Facebook
  • LinkedIn
  • Pinterest
  • Twitter

About Our Founder

Data Center Frontier is edited by Rich Miller, the data center industry’s most experienced journalist. For more than 20 years, Rich has profiled the key role played by data centers in the Internet revolution. Meet the DCF team.

TOPICS

  • 5G Wireless
  • Cloud
  • Colo
  • Connected Cars
  • Cooling
  • Cornerstone
  • Coronavirus
  • Design
  • Edge Computing
  • Energy
  • Executive Roundtable
  • Featured
  • Finance
  • Hyperscale
  • Interconnection
  • Internet of Things
  • Machine Learning
  • Network
  • Podcast
  • Servers
  • Site Selection
  • Social Business
  • Special Reports
  • Storage
  • Sustainability
  • Videos
  • Virtual Reality
  • Voices of the Industry
  • Webinar
  • White Paper

Copyright Endeavor Business Media© 2022