One thing we have noticed change over the last 3 years is that we no longer have to sell people on cloud computing. A few years ago, the vast majority of our clients were using managed servers, but that has certainly shifted. And this is, of course, a part of a much larger trend. The IT community as a whole has accepted cloud for all its many benefits. (For more on cloud benefits see here.)
But where we now notice our clients seek advice is not WHETHER to adopt the cloud but which cloud to adopt – public, community, hybrid or private. And private cloud is by far seeing the most growth at AIS Network. Given much of our customer base consider our compliances (including HIPAA, PCI, SOX, FISMA, ISO 27002) key, we are not surprised by this. There is more on compliances below and how it relates to private cloud, but first let’s define private cloud and how it differs.
Private Cloud is a cloud that is operated solely by, or on behalf of, an organization. And, recently, with many public attacks on shared cloud environments (aka public or community cloud), the clamor for private cloud has heightened. Let’s face it; the alternatives like public clouds are popular. In fact, by 2016, it’s expected to account for more than $207 billion in revenue. But public clouds come with risks…. Whether security is breached with a web crawler to “scrape” data or a hacker spreading malware by breaking an encryption key, public clouds are just at increased risk over private cloud.
Private cloud is more secure than public or community clouds for a few reasons. Most notably, private cloud offers more control over security processes, including firewalls. By allowing customers to work directly with providers like us to control the security process, it provides greater security and customer confidence.
So when do you want to have private cloud? We find that organizations that require compliances like HIPAA or FISMA often prefer private cloud. In the case of HIPAA compliance, IT professionals have the burden of patient privacy being maintained. In fact, private cloud is often preferential for other professionals such as lawyers who are bound by oath for client privileges.
Think you might be interested in Private Cloud? Here are a few questions to be sure to ask us or another considered provider:
- What are the costs associated with private cloud?
- How quickly can I be up and running?
- How will you meet my company’s specific security requirements?
- If your require compliance with a specific security framework, be sure to ask about these. You can find many of AISN’s compliances listed here.
- Can I move all my current systems to this private cloud implementation (including legacy systems)?
- Do you back up? What are your Disaster Recovery offerings for private cloud?
- How private is it? Do you require logical isolation, or do you also require physical isolation?
- Does the provider offer additional IT managed services? Remember, your projects might grow over time and require other services.
We need help for AIS Network! Are you a junior level network engineer? Send in a cover letter and resume today. We’re looking for one employee who is enthusiastic to learn but already knows quite a bit!!! 1 employee every week!!!
JUNIOR WHO HAS FINISHED COLLEGE… NOW> < SOMEBODY BRILLANT AND HARD-WORKING +DEDICATED+MOTIVATED+PROBLEM SOLVER++ ATTENTION TO detail ++ FOCUSED ++ Ability to concentrate
We exhibited at the 2014 ACCS Annual Conference (Association of Collegiate Computing Services of Virginia) in Charlottesville last week and it was one of our favorite shows to date. The ACCS volunteers did a tremendous job. They really take pride in the conference, make the vendors feel appreciated, and fed everybody well! Everyone we met was really great – friendly, enthusiastic and well informed. We learned a lot from everyone – from the keynotes to the attendees. It really will help us serve the higher education market even better.
What were people buzzing about (besides the Cisco Casino Night)? Frankly, we kept hearing about the keynotes. We were impressed with who was booked for the event.
-Author of The Crowdfunding Bible, Scott Steinberg, who is a well known business strategist
-Melina Davis-Martin, co-founder of PlanG Holdings who developed a cause marketing platform and has an impressive background in health & human services.
For AISN, we found the biggest topic we were hearing at our booth was in regard to disaster recovery and FERPA compliance. As a hosting company that has implemented the NIST security control framework, this didn’t come as a surprise to us. It makes good sense why disaster recovery is very important to higher education. Colleges and universities are often large institutions with many different stakeholders (students, teachers, staff, the community), can be on multiple campuses and are large consumers of technology. Data can be student data, financial data, research data, alumni data, grant data – the list goes on and on. So, it’s no big surprise to us to see the interest in protecting this data in the event of a disaster.Our takeaways from the show – we definitely want to do this show again next year and will be looking for other ways to engage with the higher education market. And we are thinking it might be time to do a webinar on disaster recovery specifically aimed at the needs of higher education, so stay tuned for this. Have thoughts on this? We would love to hear from you in the comments below.
By Sarah Morris, KirkpatrickPrice
Are you aware of the changes to PCI DSS v3.0? The Payment Card Industry (PCI) Council has developed new changes to the PCI DSS requirements by asking one question: What will improve payment security?
While the core 12 security areas will remain the same, several new sub-requirements have been implemented for increased clarification and understanding.
What are the biggest changes being made to PCI DSS 3.0?
- Penetration Testing Requirements – The new penetration testing requirements include an implemented penetration test to verify that the controls used to segment the environment are operational and effective.
- Service Provider Responsibilities – By emphasizing that security is a shared responsibility, the council has further defined the responsibilities of service providers such as providing written vendor acknowledgement for each DSS requirement for which they are responsible.
- Password Requirements – Enhanced awareness to ensure password security is due to the fact that unchanged default passwords are a common cause of data compromises. Password security is one of the first building blocks in securing your environment.
You can download the full list of new requirements here (PCI-DSS-3.0 requirements). Let me know if you would like to learn more about these
new changes and how they affect you.
We often get the question of what is the difference between Virtual Private Servers (VPS) and cloud servers. Both use a virtualized (as opposed to physical) environment and so they are often confused.
First it’s important you understand virtualization. Virtualization is the creation of a virtual (rather than actual) version of something. For our purposes here, virtualization refers to technologies designed to provide a level of abstraction between hardware and software so that we get a logical view of computing resources (as opposed opt physical). This allows us to “trick” the operating system into thinking a group servers is a pool of computing resources giving you your own economies of scale.
With virtualization, to start, a host is needed. A host (or host virtual machine) is where all the host virtual machines reside – the underlying hardware or server component that provides computing resources. A collection of hosts can create a cloud of shared resources. Here are some of the most common ways virtualization is configured:
- Cloud servers: Virtual machines that ride atop a cloud (a collection of hosts). You can see your VMs, but you have no control over the host.
- VPS: The virtualization allows you to partition a single physical computer into multiple servers so that each can run like its own dedicated machine. So on a VPS, each virtual machine has its own operating system, can run and respond independently, and even be rebooted independently. You have full access to the host AND the VMs that ride on it. This is the ultimate in control, but does very little for resource expansion unless other VPS’s are added.
- Private Cloud: There are 2 types of Private Cloud – Virtual and Dedicated.
A Dedicated Private Cloud provides you with a physically isolated infrastructure. You have your own private cloud instance and the most control over your resourses. The downside is that hardware must be added to expand resources.
A Virtual Private Cloud provides you a logically isolated infrastructure, with fully private networking and resource pools. You can easily add resources.
Where we find new customers will often come to us asking for VPS is in order to increase security. These customers most often want to maintain total control of their own environment and do not want to share computing resources with people outside their companies in the a public environment like a public cloud. This is where having your own private cloud can be the perfect answer. Private Cloud gives you many of the benefits of the VPS but add in redundancy, fail over, quick provisioning and deployment. The process to get a new VM up and running in the Cloud typically takes only a few clicks where VPS requires a manual upgrade to your service. So, if you are thinking VPS, you may want to consider private cloud – for convenience, flexibility, cost and security.