The Criticality of Standards & Compliance in Colocation – by Dan Vazquez
Colocation providers are not made equal when it comes to standards and compliance. Some simply don’t look at standards and compliance as being vital to the success of their business. The problem with that line of thinking is that standards and compliance are becoming increasingly more important to organizations seeking colocation services. Today’s customers are a lot more sophisticated then even customers from 5 or 10 years ago. Having third parties audit colocation providers helps customers feel assured that certain actions have been put in place. For the most part; customers do not accept a colocation facility stating we are concurrently maintainable or that they meet certain physical security standards. They want the proof. The issue is most colocation buyers don’t have the budget for a PE, ME or EE to check the resiliency of the facility. Also, just because a colocation company meets a standard today doesn’t mean they will meet it in the future when the standard is updated or changed. Customers want assurance that their data and systems are safe and secure in a resilient facility.
The Different Standards
There are a number of standards and it is not cost effective for a colocation company to go after them all. What standards are important to a colocation company? Standards can be broken down into three basic groups. Sustainability standards such as LEEDs or Energy Star help a potential customer to understand that a colocation company is looking to be a good corporate citizen and trying to reduce overall cost or impact to the environment. Facility redundancy standards, such as Uptime, TIA 942, BICSI 002 for example, help a potential customer understand how resilient the facility is. Industry, governance or internal required standards; such as, SSAE16, PCI-DSS, HIPPA, ISO 27001, FISMA/FEDRAMP, DR/Business Continuity and others are related to business requirements. Understanding what standards are important to a potential customer base could be as simple as understanding the industry or market that you are interested in. In the colocation business a common saying is many people can say no to a deal but only one can say yes. Not having certain standards in place can impact a colocation provider’s ability to compete for additional business or qualify on RFPs.
Not just pieces of paper – they can really help
Standards can also help the actual operations of the colocation facility. Industry, governance, or internal required standards require self-assessments. A colocation company has to understand what is important to their business, identify the risks to the business and put life cycle management in place. They need to train their staff, set up review boards, have an incident process, and complete post-mortems. An educated colocation staff is better equipped to catch and resolve problems prior to them becoming critical issues. Meeting redundancy standards means the staff has a certain design and maintenance equipment available. Staff can perform necessary changes to the environment and be comfortable about the outcome. They will have certain equipment available that allows them to perform specific checks or tests and have the proper monitoring and notification in place. A colocation company that has a number of customers or plans on having a number of customers without compliance in place will have their staff performing countless policy reviews, process reviews, and site walk-throughs with external auditors. If a colocation company has customers that are managed service or cloud computing providers there could be countless more audits and reviews. Many larger colocation buyers have external vendor audit requirements in place which require additional audits and reviews. Without standards and compliance a colocation company can have staff performing audits and reviews versus maintaining or improving the facility.
Simply a must have to be successful
Standards and compliance is ‘Not a check box.’ Standards and compliance helps a colocation company be better equipped to support their customer base. It tells potential customers that you understand their industry and that their business is important to you. It tells potential customers that the environment and efficiency is important. But, more importantly, it helps to protect both the colocation company and its customers. By having staff properly trained they are better equipped to maintain the facility. The policies and processes will be more thorough and there will be regular reviews. As the data center industry continues to mature having a mature and disciplined process will be a must have to succeed.
About the Author:
After retiring from the United States Air Force, Dan Vazquez has spent the past 15 years in the data center colocation industry with Texas based colocation specialist CyrusOne. Dan was one the original executives at CyrusOne and held a number of executive positions including three years as the Head of Audit & Compliance. Dan is currently an independent data center industry consultant and provides guidance to the Kiamesha Global team and its customers on various aspects of the data center industry.
Latest posts by Todd Smith (see all)
- DeltaForceIT Austin Event – April 13-14 - February 26, 2016
- Plan B for IT – Don’t be a Sticky Revenue Victim - October 7, 2015
- Data Center Wars San Antonio – Underserved with a Bright Future - October 6, 2015