“Colocation is not secure enough for financial banking IT.” “Colocation will not meet the PCI DSS compliance requirements that we have in banking.” “Colocation would not provide the network performance that we require.” Does this sound familiar?
Colocation facilities play an essential role in the storage and security of a banking organization’s data and digital information. Larger banking corporations may opt to store their servers within their owned and operated data centers. However, many other financial institutions choose to rely on other companies to run and protect the data center and will pay them for power consumption and space. This outsourcing of data center floor space is called colocation.
Colocation provides secure, redundant, scalable, and affordable options that are vital to the growth and success of businesses. Yet, due to the integral role they play, colocation facilities are often subject to industry myths and falsehoods.
After hearing from financial IT industry experts all over the world, we have noticed a pattern in some common myths and misconceptions associated with colocation that we’d like to debunk.
#1 Colocation Is Not Secure Enough and Will Not Meet Our PCI Compliance Requirements
While it is important for any online retail store or business handling financial transactions online to be PCI compliant, it is absolutely critical for banks and other financial institutions to maintain PCI compliance to protect their customers’ financial information.
Banks and other financial institutions not only house personal and sensitive financial data for their customers, they process high volumes of transactions between accounts every day. Not meeting the PCI 3 requirements could result in failing an audit and exposing banks and financial companies to risk of data breaches as a result. Colocation providers, like LightEdge, understand the severity of PCI DSS compliance and the risks associated with failing an audit.
Because of this understanding, colocation providers have built their facilities around PCI DSS compliance requirements to ensure their banking customers have the highest security and are set up for success with their compliance audits.
Reinforcing a financial organization’s security posture, colocation provides the opportunity to standardize business decisions and determine the optimal place for data to reside. The challenge with that is the added complexity of safeguarding data as it crosses colocation, public cloud, and private cloud environments.
Banks can strengthen their company’s risk mitigation and compliance posture with a company who has deep experience with PCI. LightEdge is a validated PCI DSS (version 3.2) Level 1 Service Provider. This validates that our in-scope data center facilities meet PCI’s prescriptive security requirements.
PCI Compliant Colocation Features
Colocation provides a high level of availability and reliability through secure, certified data centers and dedicated staff onsite. World-class colocation providers typically offer disaster recovery solutions delivering advanced shared infrastructure designed to enable operational and financial efficiency, reducing the burden on your IT staff. When vetting a compliant colocation provider, ensure they undergo annual assessments of the latest PCI DSS requirements. If completed successfully, they can use their expertise to keep your organization up to date on the latest controls. Here are some other PCI compliant colocation features to look for:
- Data Center Security Features: Layering security through the physical infrastructure of the data centers from the hardened shell to access control systems and surveillance is critical. Environmental Security is also essential. Colocation facilities should be designed with the most up-to-date security technology features to reduce risk from the inside out, including multi-factor authentication and secure check-in processes. Network Security is the final piece of the puzzle. Colocation facilities should integrate multiple layers of defenses in their network, including firewalls, virtual private network (VPN) and Data Loss Prevention (DLP).
- Regular Monitoring and Network Tests: Tracking and monitoring all access to network resources and cardholder data, including the regular testing of controls, systems, and processes is critical. Log files, system traces or any tool enabling the tracking of access to sensitive data is critical in preventing, detecting, or minimizing a data breach.
- Compliance Resources: Your colocation provider should have designated PCI compliance experts who are responsible for maintaining PCI DSS standards, as well as any other compliance regulations that impact your industry or that of your clients.
#2 Colocation Will Not Be Able to Support Our Bank’s Networking Needs
There are some colocation providers that have limited offerings when it comes to network carriers that offer colocation services. Look for a colocation provider that is carrier-neutral. They will be able to support your bank’s networking needs. Carrier-neutral colocation facilities offer a much larger variety of carriers and options for connectivity.
A larger variety of carriers also means competitive pricing. You will be able to leverage the design of a redundant vendor network. Look for a combination of best-of-class networking and equipment with top tier providers and fiber connections to ensure the utmost in data center connectivity. While network services vary across our seven colocation locations, here are the highlights that hold true for each:
- Carrier neutral with the ability to deliver high bandwidth, high reliability, and low latency service
- Multiple dedicated carriers within the data center
- Local private network connectivity up to 10Gb
- Connectivity to the LightEdge Cloud for direct access to other data centers
- Nearly unlimited bandwidth
- Multiple paths into our nearby cities and back out for a network that literally cannot go down
- No single point of failure anywhere
What to Look for in a Colocation Network Connection
LightEdge has a fiber backbone linking each of our seven data centers, making it impossible for our network to ever go down. We are able to promise the banking and finance industry 100 percent uptime at all of our redundant colocation facilities. Here is a list of Network and Power features that you should look for when vetting out your next PCI compliant colocation provider:
- Two or more utility feeds from diverse substations and/or power companies
- Each with their own isolated and independent transfer switch, generator, UPS, and distribution panels
- Onsite generators sized to handle not only the data hall load, but the cooling load, as well
- Two or more independent cooling plants with independent air handlers in each room and each having redundant power feeds to multiple power/generator feeds
- Building management systems that actively monitor capacity, health, and operational state of all power and cooling components
- A refueling strategy in an event of a prolonged utility outage
- Network meet-me rooms to provide organized and secure access to carriers with access to 5 or more fiber carriers
#3 The Growth of Cloud will Cause Colocation to Become Unnecessary
Regardless of the industry, “the growth of cloud will cause colocation to become unnecessary” has become one of the most popular colocation myths. It is true that cloud services continue to grow in popularity. In fact, the worldwide public cloud services market is projected to grow 17.5 percent in 2019 to total $214.3 billion, up from $182.4 billion in 2018, according to Gartner, Inc.
In addition, a new IDC study shows private cloud spending increased 28.2 percent year over year. Off-premises private cloud, in particular, is seeing strong growth. However, fear of the cloud’s growth is misguided. The cloud is not replacing onsite servers, and it is not replacing data centers and the need for colocation.
In fact, colocation continues to rise alongside of cloud trends. According to a report by Zion Market Research, the global data center colocation market was valued at approximately USD 31 billion in 2017 and is expected to generate revenue of around USD 105 billion by 2026, growing at a compound annual growth rate of around 14.2 percent between 2018 and 2026. The United States is anticipated to lead the data center colocation market globally over the forecast timeframe.
The colocation facilities industry has fared extremely well over the five years to 2018, as the continual move toward online operations has boosted demand for server space. Cloud is not causing colocation to go away; it is aiding its growth.
#4 Colocation Cannot Support our Future Growth
Scalability and future growth are exactly why businesses turn to colocation in the first place. A main function of colocation is to support business growth. If an organization were to build their own on-premises data center, they would face the challenge of determining what the best size would be.
Not only would the data center facility need to meet their current requirements, but also be able to scale for unpredictable future capacity needs. There is a major risk of spending money on space that will never be needed. If you over-build, you could waste precious resources that could have been used to grow your business.
Cost of Scalability
On the other hand, if an organization doesn’t have enough space, they risk having to build another facility or adding on a costly expansion. Considering these major risks that come with building your own data center when you aren’t inherently a data center company, many are turning to data center providers to deliver proven, scalable and cost-effective solutions.
Multi-tenant data centers allow companies to take advantage of the compliance, security, and most importantly, the cost savings. In addition to the cost savings for sharing data center space, organizations can take advantage of a colocation provider’s compliance certifications. Participating in third-party audits and maintaining certifications such as PCI can be costly. If you look for a colocation provider, your organization can outsource this cost of compliance.
Whether your financial organization has one server or many more, it does not matter. With colocation, you will always have the option to upsize or downsize depending on your needs. Yet, scaling up has particular benefits to housing your servers at a colocation facility, and as a growing business, this would be the ideal fit for you.
Scalability of a colocation facility’s network is the ability to construct and expand a network with simple, repeatable designs that can accommodate increased traffic or new devices without impacting applications, workflows, or the cost per port.
LightEdge Busts all of your Banking Colocation Myths
LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected. Trust our expertise to ensure you are covered through our security and compliance services, including risk management, information security, audit preparedness and support.
LightEdge has PCI DSS secure data center locations at our Des Moines, Kansas City, Omaha, Austin and Raleigh data center facilities. With LightEdge, you can achieve auditable PCI compliance. With a specific background working with financial institutions, our data center and hosting solutions provide you with confidence you need to meet PCI DSS requirements.
LightEdge offers a free risk assessment from our compliance experts as an included resource to all of our customers. Compliance and security are top priorities to guarantee that your data is protected. Our colocation services have been validated against the PCI DSS to provide you with the confidence you need to meet your compliance requirements and secure the credit card data you process. Work alongside LightEdge’s engineers to review the compliance process and develop any necessary documentation. LightEdge is compliant with:
LightEdge builds security and redundancy into every detail of our data center facilities and service offerings, and our engineers have the know-how to advise you on meeting your compliance requirements, regardless of industry standard.
If you are interested in getting a risk free assessment from our banking compliance experts, a tour of any of our PCI DSS compliant data centers or to learn more about LightEdge’s compliance offers, contact us here. We have cloud hosting security and compliance experts standing by to answer any of your questions.
If you want to learn more about compliant colocation, download our two e-books, 10 Critical Questions to Ask Your Data Center Provider, How Colocation Facilities Can Cure Your IT Headache, and How to Tech Guide: Encryption for Data Security.