These days, there are probably very few, if any, businesses that can avoid dealing with compliance issues. Many businesses have to deal with multiple compliance programs.
Enterprises often have to deal with the strictest compliance requirements of all. That’s why compliant colocation can be such a useful tool. Here is a quick guide to what you should consider if you are thinking about implementing compliant colocation.
The basics of compliant colocation
Colocation is the strategy of a business renting space in a data center and using it to house its own equipment. Compliant colocation is simply colocation that meets the relevant standards required for one or more compliance programs.
Despite the name, compliant colocation will only take a business partway to compliance with any given compliance program. This is because compliance requires a combination of physical and digital security. In the case of compliant colocation, for the most part, the colocation vendor takes care of the former. The client takes care of the latter.
Compliant colocation vs compliant public cloud
Using a compliant public cloud pushes more of the responsibility onto the cloud vendor (and hence less onto the client). This can be very convenient. The price for this convenience, however, is that the client has less freedom (and more dependence on the vendor).
At the SMB level, the convenience (and cost-effectiveness) of a compliant public cloud solution often makes it the preferred choice. At the enterprise level, however, businesses tend to place a higher value on the ability to make customizations, even subtle ones. They also tend to be significantly warier of the consequences of vendor lock-in.
This means that at the enterprise level, compliant colocation may be a better choice than using the public cloud alone. Compliant colocation may be used as a company’s only solution.
Alternatively, it can be used in combination with other infrastructure. This generally means using compliant colocation plus a compliant cloud to form a compliant hybrid cloud. It can, however, also mean running your own private data center and using compliant colocation (or both).
Considerations for implementing compliant colocation
If you think compliant colocation may be a good solution, here are five specific points you need to consider.
No matter what area of IT (or even business) you are discussing, security is almost always your first consideration (or should be). When you work with a colocation vendor, you are reliant upon them for the vast majority of your physical security. You are only going to have direct control over the space you rent. Even then, the security measures you can take will be of very little use if the vendor’s security is breached.
In addition to maintaining the highest levels of physical security, the vendor also needs to maintain the highest levels of digital security. This is particularly important now that physical security often depends on digital security.
For example, physical security is often enforced by means of digitally implemented access controls (e.g. access fobs). This means that if a vendor’s digital security is compromised, their physical security is also likely to be compromised.
Reliability is an explicit requirement of some compliance programs (e.g. FedRAMP/FISMA). No provider is ever likely to guarantee 100% uptime. Reputable providers will, however, come fairly close.
These standards should be written into contracts. Even so, companies should think carefully about their ability to invoke contractual penalties in the real world. As a rule of thumb, the closer a vendor’s legal headquarters is to where you are, the easier it is to enforce contracts (and vice versa).
It can be valid to use vendors based overseas. It is, however, important to be confident that their home country’s legal system will act fairly if there is a dispute.
This is related to reliability but is still worth highlighting on its own. What is a potential colocation vendor’s disaster recovery process? The vendor should be willing to provide a reasonable level of information about this. Reputable vendors will be well aware that being able to show robust disaster recovery processes will add credibility to their reliability standards.
With colocation, most of the scope for customizability comes from the fact that you own and run your own hardware. That said, it can still be worth thinking about whether there are any customizations you would like to make that would require input from your colocation vendor.
Firstly, you need to know what support options are available by default. Secondly, you need to know what extra support could be provided (for an additional fee) if the need arose. It can be very useful to know that your colocation vendor could cover for your own staff or managed service vendor if you ever needed them to do so.