Why Is Compliance in the Cloud Important?
05/07/12
GUEST BLOG
By Joseph Kirkpatrick
Managing Partner, KirkpatrickPrice
The world’s digital infrastructure is a constantly growing industry. This is why the use of data centers has become exceedingly popular. What is the scary thing about collecting and storing highly sensitive information? The risk of a security breach.
When a company utilizes a data center, such as for cloud computing and hosting, it’s important that they are aware of the security of their organization’s data, especially because data centers often times outsource to other vendors. What does this mean to you? This means they may also have access to your data. This is why cloud hosting providers must be in compliance with all applicable privacy laws when it comes to keeping data secure during the collection, storage and use of your sensitive information.
How is compliance measured? Compliance is measured by how well organizations meet the data security standards and regulations that are meant to help you keep your information confidential and secure. The use of data centers is very resourceful as long as you’re sure your service provider is complying with these industry accepted security standards and regulations. Some of the companies that comply with SSAE 16, PCI Data Security Standards, and Trust Services Principles and Criteria have already taken these steps and have been audited by third parties, such as Certified Public Accountants (CPAs) and Quality Security Assessors (QSAs).
So, what steps should you be taking? Start taking your organization’s security into consideration and ensure compliance in the cloud.
Top 6 Benefits of AIS Network’s Managed Private Cloud
05/03/12
By Jay Atkinson
AIS Network CEO
You want to spend more of your IT dollar on the innovation that your customers expect. So in order for you to focus on your business, the ratio of what you build out “new” versus what you spend time maintaining and running has to improve measurably. Plus, you want maximum control over your IT environment with the least hit to your organization’s bottom line.
You’re sure you get every bit of that and more by moving from a traditional deployment to AIS Network’s Managed Private Cloud architecture. But, how do you persuade the C-Suite to let go of the current environment?
What are the six most compelling benefits for AISN’s Managed Private Cloud?
- Security. Industrial strength security and integrity of data are paramount. AISN’s Managed Private Cloud offers the benefits of cloud technology, but keeps all your data on hardware dedicated to and controlled by you. Under the umbrella of a security framework that you define, you can best address your customers’ security needs and meet the most stringent of compliance requirements – a big enhancement, when compared with open, more heterogeneous systems.
- Compliance. Stringent compliance is a priority. A key component of any high-level compliance program such as SOX, PCI, HIPAA/HITECH or FISMA is the ability to segregate your data from others. With AISN’s Managed Private Cloud, you control your own SAN, which eliminates the possibility of database cross pollination. For PCI compliant solutions, we can easily provide you with your own dedicated firewall. AISN is SSAE 16 Type II-compliant and our methods are explicitly documented and verified by an independent auditor.
- Scalability. Managing growth confidently is critical. As the pure IT content of your business grows, so does the ability to have a flexible – and essentially infinite – expandable computing base. With an AISN Managed Private Cloud, you don’t have to purchase and maintain additional hardware. We manage the technology so that you can focus on business strategy.
- Cost. Saving money is smart business. Deploying an enterprise-scale system in AISN’s Managed Private Cloud can cost significantly less than others would charge you to implement the same system in a public cloud or a hybrid cloud. And, as you grow, you get the benefits of economies of scale, meaning your per virtual machine cost decreases.
- Performance. Speed matters. Since you’re in your own AISN Managed Private Cloud, you don’t have to share resources with other customers and worry whether another customer’s application failure will impact you. Faster response times and a healthier infrastructure is a good thing.
- High Availability. 100% uptime rocks. AISN’s Managed Private Clouds have both physical and virtual redundancy built in to ensure High Availability. Our SSAE 16 Type II-certified data centers safeguard your data against natural and man-made disasters, including physical security breaches. Our rock-solid Service Level Agreement guarantees it.
AISN’s Managed Private Cloud positions you at a competitive advantage by accomplishing your business need to go FASTER – confidently. For more details, get in touch with us. We’d love to help. (Jay Atkinson, jay.atkinson@aisn.net).
IPv6? What is it? And Should I Care?
04/29/12
By Donna Hemmert
VP of Strategy
We, the citizens of the Internet, have a problem. Not unlike in 1947 when we were running out of phone numbers and added area codes to expand the raw number of phone numbers available, we have actually run out of IP (Internet Protocol) addresses. We have already exhausted 4.3 billion IP addresses from the Internet Assigned Numbers Authority (IANA) pool that are part of the first major deployment of IP addresses, Internet Protocol Version 4, IPv4.
The good news is that we saw it coming, and planning and work has been underway for over a decade. In fact, the new standard, IPv6 (Internet Protocol version 6), was developed by the Internet Engineering Task Force and published in an Internet Standard document in December 1998. This new protocol will allow the Internet to continue growing. This has become increasingly important with all the new devices that are here and coming to the Internet including mobile phones and tablets.
IPv6 uses 128-bit addressing, creating a huge number of IP addresses. In comparison, IPv4, which is 32-bit, has 4.3 billion IP addresses. How many IP addresses do we get with IPv6? The actual number is typically described as 2 to the 128th power (or 340 trillion trillion), which is sometimes described as virtually unlimited – that’s a big number!!!
So, are you ready? For consumers and small offices, there isn’t a large issue since consumer routers are often equipped with the ability to convert from IPv4 and IPv6, although for best connectivity IPv6 should be native. For businesses and others, you need to be sure you are ready. There are many great resources on the Internet to help you navigate to assure that your equipment is all IPv6 ready, and in fact, you may already have such equipment. But, there is a huge installed base of networking equipment that is not capable of communicating via the IPv6 protocol.
And if you are wondering if there is a deadline for all this (remember Y2K?) – there isn’t. Companies can start to upgrade their networks where needed now and continue over time. This can be done with equipment that handles both IPv4 and IPv6 (NAT translation and dual-stack capable equipment).
The bottom line: To be on the right side of this equation, start looking to the future now and create a plan for a methodical network upgrade that deals with IPv6 while gaining efficiency with the latest generation networking gear.
SQL Server Virtualization and Why It May Not Be a Good Idea
04/19/12
By Terry Engelstad
MCP, MCSE, CCNA, MCDBA, MCTS, MCITP
AIS Network Operations Manager
It’s very tempting to move Microsoft SQL Server instances to a virtualized environment, especially now that virtualization has become more sophisticated.
Theoretically, reducing the number of physical machines that you have while saving money by cutting your power, maintenance and licensing costs, may seem like the way to go. But, in a production environment, why may virtualizing a SQL Server not always be a good idea?
The problem is not the hypervisor. The problem is not the big, fast disk. The problem is resource contention. All database management systems work better when you give them their own resources. More memory, more central processing unit (CPU), more disk – it doesn’t matter. The bottom line is: Just throw dedicated resources at a database management system (DBMS) and it will work better. While the virtual machines (VMs) run very well, there is likely going to be a noticeable difference between a VM and a physical machine.
The problem with virtualizing a DBMS goes to the very purpose of virtualization – attempting to reduce resources in order to reduce costs. The main retort from both Microsoft and VMWare about getting around reducing resources is that they have built in the ability to “share” resources – sharing CPU, sharing memory, sharing disk. Herein is the problem for databases. They don’t play nicely in the sandbox. They don’t share well. They want their own resources.
So, what do you do? Well, first understand the limits of virtualization and choose your virtualization instances wisely. Remember, there is no absolute solution to virtualizing SQL Server. The best you can hope for is a compromise. And the best way to compromise is to continue to try to isolate SQL Server instances. Over-allocating resources (CPU, memory, disk) in a contentious situation will make an already bad situation worse, so don’t over allocate. In short, don’t fall for “shared resources.”
Does Third Party Hosting for SharePoint 2010 Make Sense?
04/13/12
By Jay Atkinson
AIS Network CEO
“To cloud or not to cloud?” is rapidly emerging as the technical question of the decade.
Industry analyst Gartner, Inc., expects 43 percent of companies to have most of their IT efforts running in the cloud in as little as four years. Due to that expected boom in cloud adoption, Gartner ranks cloud computing as the No. 1 tech priority for chief information officers.
Placing a mission-critical platform into the hands of an independent, third-party hosting services provider can uniquely position that
Should you host your SharePoint 2010 in the cloud?
organization to combine some of the best elements of on-premise hosting and Office 365 delivery. For many organizations, SharePoint is mission critical and the decision to shift from on-premise hosting to third-party hosting is not entered into lightly. However, the benefits of doing so are increasingly appealing. In comparison to on-premise hosting, third-party hosting offers superior flexibility, greater reliability and a better value.
Why a better value? Ultimately, if an organization were to attempt to replicate the hosting infrastructure built by a third-party provider, it would become abundantly clear to that organization that outsourcing to a third party provides a much better value. It is usually cheaper for an organization to host SharePoint on-premise – unless they want to do it right. Replicating an on-site infrastructure that equals the performance, reliability, scalability, security and compliance environment that “comes standard” with a solid, Microsoft hosting partner’s services would be cost prohibitive.
Here, it is also important to note that for public companies or others that are audited, Sarbanes-Oxley (SOX) also drives the case for outsourced hosting. SOX identified the Type II SAS 70 report (today’s equivalent is SSAE 16 Type II) as the only acceptable method for a third party to assure a service organization’s controls. Many reputable hosting companies are SSAE 16 Type II-audited, which means the audit of the hosting company can be incorporated into the audit of the public company. Relying on the audit performed on a third-party hosting company, at the hosting company’s cost, may be much more cost-effective than ensuring your own facilities and processes are SSAE 16-compliant.
Hosted SharePoint Specialists
Organizations contemplating a SharePoint deployment should recognize that there are applications hosting providers and then there are a handful of hosting providers that specialize in hosting SharePoint. Many have Microsoft and additional compliance certifications, and that enhanced capability and level of service may be imperative to an organization requiring customized SharePoint hosting configurations, Microsoft-certified talent, and top-grade security and disaster compliance.
The hosting provider’s infrastructure is supported by many clients, thus enabling it to deliver a broad range of services at a substantially lower price (than managing identical services on-premise).
For the customer, there is little upfront capital expense and the monthly payments to the hosting company are predictable operational expenses. The IT staff is freed up from spending precious resources and time on designing its own hosting solution architecture. Stressing about managing backups, software licenses, hardware/software upgrades, and patching schedules is all in the hands of seasoned hosting experts who monitor the customer’s SharePoint solution in a disaster-resistant data center.
In addition to cloud hosting services, there are two general types of SharePoint hosting that a third-party provider may offer:
• Shared hosting. An organization’s applications and data are deployed on a server that is shared by several other organizations.
• Dedicated hosting. An organization either deploys its own servers or the hosting provider deploys servers dedicated for exclusive use by that organization. Dedicated hosting may be provided by either dedicated physical servers or dedicated virtual servers.
Benefits and Drawbacks of Third-Party Hosting
A SharePoint hosting provider frees up an organization’s entire IT staff to focus on tasks that will help grow their business. In their Service Level Agreements, most top-tier hosting providers offer disaster-resistant data centers, temperature and access controls, 24x7x365 monitoring and response, excellent connectivity, reliable uptime and availability, managed hardware/software upgrades and maintenance, routine backups and fail-over capability in the event of disaster.
The best providers develop a solid, personalized relationship with each customer, listening carefully to their needs and integrating their team of experts into the organization’s IT staff.
Benefits include the following:
• Customization. The hosting provider is capable of configuring highly complex SharePoint installations.
• Low upfront costs. Capital outlays are minimized. Outsourced hosting becomes an operational expense. The hosting provider typically buys and manages the servers and provides the licenses.
• Staff. Highly trained hosting experts strive to integrate seamlessly with an organization’s team, thus helping to strengthen the relationship through personalized service.
• Security. An organization’s servers are typically highly secured, backed up and sitting in a disaster-resistant data center. Many providers have SSAE 16 Type II designations as well as other compliance certifications.
• Scalable. Spikes in traffic can be sustained without the accompanying worry that the organization’s network will crash.
Drawbacks include the following:
• Portability. SharePoint hosting is complex, and organizations must enter into long-term contractual commitments with their hosting provider. Switching providers in mid-contract, or reverting back to self-hosting, is not easy and the process of migrating data to a new hosting arrangement can be onerous.
• Slower deployments. Deploying the physical infrastructure is managed and thus not as turn-key as cloud-based hosting.
In addition to cloud hosting services already addressed by this paper, there are two general types of SharePoint hosting that a third-party provider may offer:
• Change management. Changes – either hardware or software – to the SharePoint configuration may require the hosting provider’s review and approval, so organizations must plan in advance.
• Flexibility. While third-party hosting may not recreate the level of flexibility associated with on-premise hosting, in most cases, the degree to which an organization loses out on flexibility and control is less than the degree by which it will save on capital outlays.
Just as with on-premise hosting, there is a large emphasis on customization and flexibility in the world of third-party hosting providers. An organization will have full access to its own SharePoint environment – the way it should be – and any kind of software application that compliments its SharePoint (customer relationship management software, data mining programs, etc.) can be integrated.
Have more questions about hosting SharePoint in the cloud? Download the “To Cloud or Not to Cloud” whitepaper and/or speak with someone in our office.