IT Asset Protection: How One Colocation Provider Does It


In this informative webinar on August 30th you will hear security experts discuss practical ways t

For colocation provider vXchnge, security isn't just a matter of strong defenses. It also involves planning for the worst.

Willie Sutton, an infamous bank robber from the 1920s through the 1950s, denied ever saying that he robbed banks "because that's where the money is." Nonetheless, this apocryphal declaration of the obvious could equally well apply to hackers and data centers.

After providing computing infrastructure and the power to run it, data centers have to prioritize security. Without security, a data center is a data breach, and that's not an enduring enterprise.

Information technology professionals know this well. Anyone who has visited data center of any size can attest to the evident security measures. These are not places you can just walk into for a tour of the server racks.

But not all data centers handle their responsibilities to clients with equal diligence.

When MetricStream, a provider of Governance, Risk, and Compliance (GRC) services for enterprises, sought a colocation provider for its cloud-based applications, it chose vXchnge, which operates 15 colocation data centers across the US.

A colocation provider offers infrastructure, power, and security for the site, along with a local network, while its customers provide and manage their own hardware and networking.

vXchnge, in July, earned the ISO/IEC 27001 certification, which evaluates the company's Information Security Management System (ISMS), across all of its data centers.

Sameer Aghera, product manager at vXchnge, said in a phone interview that his company is the first edge colocation company to be ISO/IEC 27001 certified. The company's facilities also adhere to other standards, specifically SSAE 16 Type II, SOC 2 Type II, HIPAA/HITECH, and PCI DSS 3.1.

For MetricStream's customers in banking and healthcare, like Pfizer, Societe Generale, and UBS, all of that matters.

"MetricStream deals with compliance and regulatory issues on a daily basis," said Aghera. "They came to us originally to look for a colocation provider that put security at the forefront."

Aghera said that when most people consider data center security, they look at the physical security measures in place, like doors and access controls. At the company's newest facility in Philadelphia, he said, there are six levels of security that one must pass through to reach actual hardware.

Customers often ask about access control logs, he said, to understand the comings and goings of employees at vXchnge facilities. "Our internal customer platform allows customers to go in and see which employee entered the data center."

But there's more to it than that. "We use people and policies to manage our security program," said Aghera. "The most important thing for us is that we see security as a company-wide initiative that affects all levels of the business."

In practice, that means every new employee takes security awareness training and takes a refresher course annually, said Aghera. There's a dedicated ISMS team with stakeholders from across the company that meets regularly.

vXchnge differentiates itself through its people, processes, and policies, he said. "Policies are probably one of the more underrated parts of data center security."

The company's policies cover physical security, information security, network security, and HR security. This allows the company to take a proactive approach by having incident response plans, disaster recovery plans, and business continuity plans to deal with any issues that arise.

"Where a lot of our competitors maybe are not as robust as us is they don't have these plans in place if something happens," he said.

[Can automation improve your business? Read 10 Ways Bots Can Improve Your Business Processes.]

Another point of differentiation, Aghera claimed, is the company's use of real-time RFID-based asset tracking, which customers can use to understand the status of hardware in vXchnge facilities.

Vidyadhar Phalke, CTO of MetricStream, told InformationWeek in an interview that in the GRC market, while data may not be highly confidential ERP data, it's nonetheless sensitive information about internal controls, internal audits, and evidence of what failed.

"In a nutshell, it's sort of your dirty laundry."

What MetricStream looked for in a colocation provider, said Phalke, was a very clearly articulated segregation of duty. "Any IT organization needs to look at clearly defining where the boundaries for the IT organization stop and the data center kicks in."

Such clarity provides reassurance, an essential component in regulated industries, and also in cloud computing. "In the cloud world, it becomes cloudy, and that grayness makes things hard to decipher when something serious happens," said Phalke.

Phalke said vXchnge has a strong understanding of where boundaries start and stop, and also cited its flexibility in terms of being ready for client visits with only an hour's notice.

There's no easy way to test how vXchnge's practices compare to those of competitors, because many security incidents are never made public. But Aghera said vXchnge reports security incidents as part of its annual audits, and the company has not reported any such incident over the past year.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    YouTube Testing Native Sharing, Threads of Videos and Conversations With Friends

    Rolling out to a very limited amount of users, YouTube is testing a messaging and sharing feature from directly within the YouTube app on Android.With this feature, called Native Sharing, users can share YouTube videos to other YouTube users, without the need of leaving the app itself.
  • 5300c769af79e

    Business Card Request Form

    Afghanistan Albania Algeria American Samoa Andorra Angola Antigua and Barbuda Argentina Armenia Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Brazil Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Colombia Comoros Congo, Democratic Republic of the Congo, Republic of the Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic East Timor Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Faroe Islands Fiji Finland France French Polynesia Gabon Gambia Georgia Germany Ghana Greece Greenland Grenada Guam Guatemala Guinea Guinea-Bissau Guyana Haiti Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kosovo Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Mauritania Mauritius Mexico Micronesia Moldova Monaco Mongolia Montenegro Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Zealand Nicaragua Niger Nigeria Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Rwanda Saint Kitts and Nevis Saint Lucia Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia South Africa Spain Sri Lanka Sudan Sudan, South Suriname Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands, British Virgin Islands, U.S.
  • 5300c769af79e

    App Annie buys Mobidia to combine app download and app usage analytics in 60 countries

    Today the company announced an acquisition that will combine those download and revenue numbers with actual app usage data.“We’re combining the two best technologies in the world,” App Annie CEO Bertrand Schmitt told me earlier this week.
  • 5300c769af79e

    CFB Strategies Cofounders Anderson and Vaillancourt: Catching Up With CRM

    Trace Anderson and Robert Vaillancourt are cofounders of CFB Strategies, which provides data management for political campaigns and nonprofits.Robert Vaillancourt: A lot of the time [everyone's] wearing multiple hats, so they're not only the fundraiser but the campaign manager or the event coordinator.