For most businesses, acquiring space from a data center colocation provider is the better business and technical decision. Maintaining a private facility requires excess time, money and expertise that could be better allocated to the core mission of your company. The increasing security and compliance demands can be too much for in-house data centers to keep up with.
Most executives will agree that keeping their data secure while still having access to it is a concern when looking at third-party data centers. With data center security and control as top priorities, here are five factors to add to your data center checklist when choosing a data center provider.
Data Center Requirements Checklist:
1. Secure Location
When buying or leasing real estate, they say location is important. It is no different with data center and colocation facilities. These facilities can hold millions and even billions of dollars in computer equipment, so it’s imperative they are in a safe and secure location. Here are a couple of location-related factors to note during the evaluation process:
When it comes to data center location, providers need to consider geographic stability. That includes climate protection, seismic activity, terrain type, etc. To ensure your data environment is secure, a data center colocation provider should be located in a risk-free environment.
Natural Disasters & Man-Made Issues
The data center needs to be in a place where it is safe from natural disasters such as hurricanes, earthquakes, tsunamis and floods. Any facility should be built outside of a 500-year flood plain area to avoid flooding. Man-made issues such as the potential for terrorist attacks also need to be considered. The risk is lower in a less populated area, where such an attack is less likely to happen.
With all these factors to consider, it can get overwhelming to know what to look for in a geographically stable data center. To help simplify the process, here are questions you should be asking potential providers:
- What is the data center’s seismic zone?
- Is the data center F4 tornado resistant?
- Is the data center outside 500-year flood plains?
- Is the facility near or within earthquake fault lines?
- What are all other precautions taken to avoid natural disaster damage?
For more questions you should be asking, check out our whitepaper, 10 Critical Questions to Ask Your Data Center Provider.
While there is currently a shortage of technology experts across the country, the Midwest and Texas are home to a large pool of highly educated employees with computer talent and expertise. Austin, Texas was ranked the top city poised to be the next Silicon Valley tech hub by Forbes. Inc.com and The New York Times also reported that the Midwest has become a growing tech hub as Silicon Valley is becoming too “crazy”.
With the influx of technology jobs appearing in the Midwest, smaller markets have seen an increase in tech talent.
Cost of power
Power typically represents the largest cost in a data center. Therefore, choosing a provider with lower power costs will ultimately lower your overall cost. Third-party providers’ power costs are typically locked in, whereas in-house operations are subject to fluctuating power costs.
The Midwest has some of the lowest power costs in the United States, which is a key factor in considering the expense to operate a colocation facility.
Power in the Midwest is significantly cheaper than in the coastal regions or larger metropolitan areas. For example:
- Wyoming ranks number one for highest energy costs in the United States, while the District of Columbia has the lowest energy costs reported by WalletHub.
- Iowa ranks 5th for lowest cost of energy and Nebraska ranks 9th for lowest cost of energy.
Data center colocation providers pay fewer taxes to have their facilities in the Midwest, specifically in Iowa thanks to a 2009 law, according to the Iowa Department of Revenue. Iowa lawmakers passed a law that excludes data centers of at least 5,000 square feet from paying sales tax on the sale or rental of computers, equipment and property related to computers that are necessary for the maintenance and operation of the business. These data center providers must meet investment guidelines and design requirements to be eligible. Backup power generation fuel and electricity for the data center’s use also are exempt from sales tax.
Computers and other equipment used for the data center are exempt from property taxes under Iowa law, for those data centers that meet the above requirements. This could mean millions of dollars in savings for larger companies that have more equipment.
2. Data Center Design & Physical Infrastructure
Another reason companies are looking to data center colocation providers to host their data is the physical security features they provide. Many in-house operations cannot provide the same level of security and resources that a top-tier facility can. When it comes to your mission-critical infrastructure, physical security should be a top factor to consider. Here are a couple of physical infrastructure factors to consider:
Many times, facility infrastructure is equipped with advanced monitoring systems to provide additional security. Monitoring support to look for in a data center provider can include:
- High-definition video surveillance of both the interior and exterior with archival support
- Live technical monitoring by expert NOC staff
- 24/7/365 support from a live expert
For a typical business, deploying the same level of monitoring systems and support that a colocation provider does would mean astronomical costs. The more cost-effective and secure solution would be to allow data center experts to help monitor your critical infrastructure.
Layered Data Center Security
Moving data out of your business can seem like a scary thought. What if another tenant were to access your secure data? That’s why finding a facility with layered security is incredibly important. Keeping secure check-in lists up to date is essential. Only those with true business needs should be able to access the facility’s secure area. If a job role were to change or an employee no longer works for the company, that access would need to be revoked immediately.
Systems such as secure check-ins, multi-factor authentication through mantraps, key card access, retinal scanners and more are in place to limit access to authorized personnel (you) only. Two-factor authentication adds another layer of physical security. For example, using a key card in addition to biometric access requires each user to match the card to their fingerprint or retinal recognition. Adding a code to the mix would be another example of layered security.
Once inside the physical data center room, additional security should be available. Examples may include video surveillance of each rack row, combo locks on each cage and options for private suites. Private suites are a physically separate, dedicated space with cooling, power, network and access options for a high level of customized service.
While technical security systems and live monitoring by experts are a great step in the right direction, physical security is still crucial. Barriers such as fencing, reinforced walls, and underground environments are some of the physical security measures that data centers can offer.
Many facilities will also use landscaping as physical protection from outdoor elements. Trees, boulders, gulleys and curved roadways can keep any vehicle from getting too close. Where landscaping protection ends, crash-proof barriers should begin to keep a 100-foot buffer zone around the facility’s site.
When it comes to physical security, windows should be avoided. If a data center has windows, they should be limited to break rooms or administrative areas. Windows should also use laminated glass to ensure protection.
3. Secure Network Connection
In addition to a secure location and infrastructure, a secure network connection is of prime importance. It is best practice for data center colocation providers to consider all vulnerabilities when it comes to network routing and connection.
Businesses are starting to require more and more bandwidth and greater network speeds to keep up with their competitors. As a result, these growing needs have made connectivity a major factor when considering data center colocation facilities. Carrier neutral facilities have the ability to deliver high bandwidth and high reliability with low latency service. Generally, latency will be the main factor in transferring data to and from a data center. Latency is the delay before a transfer of data begins following the instruction for its transfer.
Finding a data center colocation provider with a redundant backup connection should be a factor to consider. Redundancy should be built into all data center facilities from power and cooling, to geographically-diverse central offices, to multiple data network carrier access. Select a facility that can weather nearly any conceivable incident with minimal downtime.
Every organization may have different standards and attest to their compliance in a different manner. This is because organizations may be structured to serve industries differently. Despite organizational differences, compliance standards like SSAE 18 help to ensure that controls are present and implemented under the SOC Reports framework. Your data center compliance checklist:
SSAE 18, or Statement on Standards for Attestation Engagements No. 18, establishes requirements and provides application guidance to auditors for:
- Performing and reporting on examinations
- Reviewing processes
- Agreeing upon procedure engagements (including SOC attestations)
SSAE 18 has been in effect since May 1, 2017. SSAE 18 is a series of enhancements aimed at increasing the usefulness and quality of SOC reports. The new standard has superseded SSAE 16. The key difference that SSAE 18 brings to light is the way service organizations deal with subservice organizations.
SSAE 18 also requires a data center colocation facility to provide the service auditor with a risk assessment that highlights the organization’s key internal risks. This ensures that the provider’s controls are regularly reviewed, vulnerabilities are addressed, and updates are made to mitigate risk.
According to the American Institute of Certified Public Accountants (AICPA), SOC Reports are designed to help service organizations (data center colocation providers) build trust and confidence in the service performed and controls related to the services through a report by an independent auditor. Each type of SOC report is designed to help service organizations meet specific user needs. Now, for those of you who want to get into the nitty gritty, here are the different types of SOC Reports:
What is a SOC 1 Report? SOC 1 Report is a report on controls at a service organization which are relevant to user entities’ internal control over financial reporting. A data center colocation provider would need a SOC 1 report to provide you, the end user, with reasonable assurance that the internal controls are suitably designed and operating effectively to provide you the data center service.
SOC 1 reports can be Type I or Type II reports, so what’s the difference? Type I reports are as of a specific date and include a description of the data center’s systems and the tests they use to determine whether their controls are designed appropriately. Type II reports include a description of the data center’s system and test the design and operating effectiveness over a period of time (usually 12 months).
What is a SOC 2 Report? SOC 2 Report is a report that is intended to meet the needs of a broad range of users who need information and assurance about controls that affect the security, availability or processing integrity of the systems that the data center provider uses.
What is a SOC 3 Report? SOC 3 reports on similar information to SOC 2. The main difference between the two is that SOC 3 is intended for a general audience. Due to their more general nature, SOC 3 reports can be shared openly and posted on a company’s website with a seal indicating their compliance.
Finding a data center colocation provider whose guidelines meet your strict compliance checklist is imperative when it comes to keeping your data safe. When selecting a provider, ask them about the compliance badges they possess. Many industries require additional compliance. For instance, the healthcare industry is regulated by HIPAA compliance and the financial and banking industry is regulated by PCI-DSS compliance standards. Ensure that your data center provider also demonstrates the same rigorous compliance standards that fall within their control.
Let’s say that you have two data center colocation providers that seem comparable in their secure location, physical infrastructure, secure network and compliance standards. A great way a data center can differentiate itself from a competitor is by offering value-added services. Here are examples of different types of amenities that a facility could provide:
In addition to offering top of the line power, cooling, connectivity, control and security, the best data center will provide on-site amenities. These amenities typically include office or work stations, conference rooms, access to phones, computers, printers and other office equipment. These additions would come in handy when your staff would need to work out of the data center, or if your office experienced equipment failure and needed a backup workplace solution.
Other amenities that can help a data center colocation provider stand out above the rest are simple features like break rooms or kitchens, storage facilities for client equipment, and secure loading docks. Facilities should be designed with more than just machines in mind. Making customers feel comfortable and productive while on-site is important.
Always-Available Technical Expertise
In addition to the building’s physical amenities, you should look for a provider that comes with technical experts who will be available around the clock. Having readily available support at any moment can be a major differentiator.
When trained technical staff is available, a data center colocation provider would become more than a facility. They would also become a trusted advisor, giving you access to leverage their depth of expertise.
What Impact Will These Factors Make?
Finding a colocation provider that meets the five data center checklist standards above will allow you to grow your business without fear of interrupting your mission-critical infrastructure. Data center colocation providers protect your data in the case of an emergency by acting as a disaster recovery location. Evaluating providers based on location, infrastructure, network, compliance and their amenities will ensure your investment will yield the greatest benefits.
LightEdge has secure locations at our Des Moines, Kansas City, Omaha, and newly acquired Austin and Raleigh data center facilities. With top of the line physical security features, customers can be sure their data is protected to the highest extent. LightEdge has carrier neutral facilities with the ability to deliver high bandwidth, high reliability and low latency service.
Compliance and security are top priorities to guarantee that your data is protected. LightEdge is compliant with:
- ISO 27001
- ISO 20000-1
- SSAE 18 SOC 1 Type II, SOC 2 Type II and SOC 3
- PCI-DSS 3.2
In addition, LightEdge provides its customers with top of the line amenities including office space and equipment, board rooms, kitchen and break rooms, secure loading docks and more. On top of the building amenities, we have 24/7/365 support from a live technical expert. If you are interested in getting a tour of any of our data center facilities, contact us here. We have data center and security and compliance experts standing by to answer any of your questions.