We are often asked what the difference is between Virtual Private Servers (VPS) and cloud servers. Both use a virtualized (as opposed to physical) environment, so they are often confused.
First, it’s important that you understand virtualization. Virtualization is the creation of a virtual (rather than actual) version of something. For our purposes here, virtualization refers to technologies designed to provide a level of abstraction between hardware and software so that we get a logical view of computing resources (as opposed to a physical one). This allows us to “trick” the operating system into thinking a group of servers is a pool of computing resources, giving you your own economies of scale.
With virtualization, a host is needed to start. A host (or host virtual machine) is where all the virtual machines reside – the underlying hardware or server component that provides computing resources. A collection of hosts can create a cloud of shared resources. Here are some of the most common ways virtualization is configured:
- Cloud servers: Virtual machines that ride atop a cloud (a collection of hosts). You can see your VMs, but you have no control over the host.
- VPS: Virtualization allows you to partition a single physical computer into multiple servers so that each can run like its own dedicated machine. So on a VPS, each virtual machine has its own operating system, can run and respond independently, and can even be rebooted independently. You have full access to the host AND the VMs that ride on it. This is the ultimate in control, but does very little for resource expansion unless other VPSs are added.
- Private Cloud: There are 2 types of Private Cloud – Virtual and Dedicated.
  - A Dedicated Private Cloud provides you with a physically isolated infrastructure. You have your own private cloud instance and the most control over your resources. The downside is that hardware must be added to expand resources.
  - A Virtual Private Cloud provides you with a logically isolated infrastructure, with fully private networking and resource pools. You can easily add resources.
We find that new customers often come to us asking for VPS in order to increase security. These customers most often want to maintain total control of their own environment and do not want to share computing resources with people outside their companies in a public environment like a public cloud. This is where having your own private cloud can be the perfect answer. Private Cloud gives you many of the benefits of the VPS but adds in redundancy, failover, quick provisioning and deployment. Getting a new VM up and running in the Cloud typically takes only a few clicks, whereas VPS requires a manual upgrade to your service. So, if you are thinking VPS, you may want to consider private cloud – for convenience, flexibility, cost and security.
By Laurie Head
AIS Network VP, Marketing Communications
Well, it’s off to Bath County to sponsor the 2013 Annual Conference of the Virginia Association of Counties (VACo), which is beginning on Sunday at the Omni Homestead Resort.
As you may already know, AISN hosts the commonwealth portal, Virginia.gov, and provides hosting services for numerous state agencies and localities under its contract with the Commonwealth of Virginia (VA-120416-AISN). As a conference exhibitor, AISN will showcase its high-security/high-compliance cloud hosting, with a focus on how it can help Virginia’s counties back up their mission-critical data and apps and protect their information technology infrastructure from natural disasters such as hurricanes, blizzards, ice storms and earthquakes, as well as human error.
We’re pretty excited to present our high performance hosting and disaster recovery capabilities at this year’s VACo annual conference. AISN has long admired VACo’s commitment to advocacy on behalf of Virginia’s counties, and we are very proud to do our part too by offering counties state-of-the-art IT services that they can actually afford during these cost-conscious times. We will show them how they can use our contract with the Commonwealth of Virginia to safeguard their IT infrastructure in a way that will also reduce expenses and improve operational efficiencies.
AISN is Virginia-based and SWaM-certified. We are a leading supplier of IT disaster recovery and private cloud hosting solutions for those organizations with the most demanding security and compliance requirements. Our state contract empowers AISN to serve agencies, counties, municipalities and all other public entities throughout the Commonwealth of Virginia.
Hope to see you there!
By Sarah Morris, KirkpatrickPrice
If you’re hosting data classified as patient health information (PHI), it’s always your responsibility to take appropriate measures to comply with the HIPAA Security Rule. Beginning September 23, as a business associate of a healthcare entity, you can now be fined directly by the Department of Health and Human Services for not complying with the law.
That’s right—next week, the level of accountability is increasing for those providers serving the healthcare market. What does this mean? Simply signing a Business Associate Agreement (BAA) is no longer enough! All Business Associates must ensure their compliance by establishing appropriate physical, administrative, and technical safeguards to protect PHI.
In light of the changes to the Security Rule, it’s in the best interest of all hosting providers to simplify their internal process for handling all client data, thus ensuring compliance with the various frameworks governing controls. Many companies have established a policy to treat all data as PHI so that systems don’t have to be segmented for compliance purposes.
So, what if we’re doing everything to make sure the proper policies and procedures are in place and there’s still a breach? Even in the tightest of security environments, breaches can still happen. However, there’s a difference between being negligent after a data breach and doing everything you can to resolve the issue while communicating this to your client. Taking immediate action to remediate a breach can make the difference in whether your company pays large amounts of money in fines administered by the Office of Civil Rights.
KirkpatrickPrice has pointed out three useful tips to help hosting providers prepare for these new changes and potential audits.
1. Do you have someone overseeing your compliance efforts? Make sure your organization is establishing and implementing physical, administrative, and technical safeguards to protect PHI. Are those policies and procedures formally written? If your client scheduled an onsite audit, could you produce adequate evidence to show you are following your procedures? Protection from data breaches should be a top priority within your organization.
2. Do you know who your vendors are? Now that you’re required to be responsible for your own compliance, you need to make sure the companies you’re partnering with can be trusted. This can make the difference in whether a loss of data costs your company money and reputation. What good is having all necessary controls in place to protect PHI if the companies you’re working with aren’t doing the same? Check to see if a potential vendor complies with the necessary security controls to protect PHI before engaging them in business.
3. Are you assuring your chain of custody? Signing a BA agreement used to be all that was necessary to satisfy a client’s contractual requirements. Now they must go further by asking you for written policies and procedures at a minimum. Are you prepared for your clients to perform a HIPAA risk assessment on your organization?
Taking a fresh look at the HIPAA requirements is very important before the upcoming changes take effect. Contact us at KirkpatrickPrice for help with looking at the HIPAA Security Rule standards against what you’re currently doing.
Disaster recovery plans are a key component of business continuity. Below is a brief checklist to help guide you:
Business Continuity Plan (BCP) Project Approach
1. Business Impact Analysis
   a. Review existing business continuity capabilities:
      i. Evaluate the risk to business process failures
      ii. Identify critical and necessary business functions/processes and their resource dependencies
      iii. Estimate the financial and operational impacts of disruption and the required recovery timeframe for these critical business functions
      iv. Assess the effectiveness of existing risk reduction measures
   b. Compile BIA Report:
      i. Financial impact of disruption
      ii. Operational impact of disruption
      iii. Prioritized critical functions for business continuity
      iv. Recovery time frames for critical functions
      v. Required resources (i.e., computer systems, vital records, telecommunications and work areas) for business continuity
2. Strategy Selection
   a. Identify a range of specific recovery strategies to address interruptions of production processes
   b. Identify the computing resources required to recover the various distributed processing environments
   c. Document alternative recovery strategies within a Recovery Strategy Selection report
3. Business Continuity Plan Documentation
   a. Create new Business Continuity Plan including:
      i. Emergency notification and disaster declaration procedures
      ii. Recovery team procedures
      iii. Facility and business restoration procedures
      iv. BCP testing and maintenance cycles
      v. Appendices for master contact lists, equipment inventories, connectivity schematics, etc.
Twelve Business Continuity Plan (BCP) Components:
2. Technology Components
3. Data Center Recovery Alternatives
4. Backup Recovery Facilities
5. Geographic Diversity
6. Backup and Storage Strategies
7. Data File Backup
8. Software Backup
9. Off-site Storage
12. Other Considerations
For more on IT disaster recovery, take a look at some recent blogs on the subject.
By Sarah Morris
In late October 2012, Hurricane Sandy left devastation in parts of the Caribbean, Mid-Atlantic and Midwestern states, and Eastern Canada. With winds up to 80 mph, this Category 2 hurricane wreaked havoc along the eastern seaboard of the United States from Florida to Maine.
Sandy was declared the largest Atlantic hurricane on record with a measured diameter of 1,100 miles, affecting 24 states. Severe flooding and power loss in New Jersey and New York left approximately $63 billion in damage.
Many companies and businesses were left inoperable, and critical systems were left unavailable and unsecured. Without proper planning for a disaster like Sandy and many of her predecessors, businesses suffered.
Fortunately, some took preventative action by developing Business Continuity Plans and Disaster Recovery Plans. These preparedness plans can help any business analyze the potential risks and threats to its operation and functionality when it is in the path of disaster.
Blue World, Inc., a service organization that specializes in data collection, software application development, and marketing services, is located in lower Manhattan in New York City.
After Sandy hit, Blue World COO Ted Locke told Gary Boardman, their Information Security Auditor with KirkpatrickPrice, that the building “had 5 to 6 feet of water through the first floor and filled the basement to a level 35 feet deep.” He went on to comment, “There is not a single first floor business in lower Manhattan that was not destroyed. Most of the buildings in lower Manhattan will not be operational for months.”
Despite the destruction of Sandy, Blue World never missed a day of operation. Blue World engaged information security specialists at KirkpatrickPrice to develop a Business Continuity Plan, which they practiced and tested to its very limits.
“It has worked,” said Locke. Blue World deployed their BCP on the Sunday before the storm, and when asked about their experience with engaging KirkpatrickPrice, said, “If it weren’t for our work with KirkpatrickPrice these last two years, Blue World would not exist today.”
Blue World’s Business Continuity Plan left them ready to operate through any disaster.
What exactly is a Business Continuity Plan and how did it help support Blue World’s operation?
The process of developing a Business Continuity Plan helps service organizations analyze the impact that potential risks could have on business functions and processes. This allows them to prioritize critical functions and strategize accordingly to develop recovery processes.
There are many components that must be considered when developing a BCP, including personnel, technology components, backup and storage facilities, and communications. With proper preparation and testing of disaster recovery plans, service organizations can mitigate any risk of operational failure.
The key is preparing, whether you think disaster will happen or not. Planning ahead is the only way you can protect your business and ensure that you’ll remain up and running.
To emphasize the importance of preparing for disaster, Locke summed up Blue World’s success by saying, “If you approach your BCP as if its enactment is an inevitability, rather than a possibility, you will be much more successful in its development and deployment.”