Does outsourced IT infrastructure compromise your data security?
2020 will go down in history as the year that cloud based technologies and cloud hosting were catapulted into the mainstream, with everyone from local business owners to Grandmothers jumping feet first into the digital world.
For many larger organisations, lockdown has put a rocket into on-going digital transformation projects and supercharged the shift to cloud-first.
Last month we looked at IT strategy reviews in the context of a post-COVID world. This month we are looking at IT infrastructure as a service with a focus on data security.
If you are now looking into how to move your onsite IT infrastructure to the cloud, this blog post will hopefully cover some of your main concerns and answer some questions for you.
How does IT infrastructure as a service (IaaS) work?
If your company relies on remote working for business continuity then you’ll no doubt already have shifted many operations to the cloud. But our experience is that cloud infrastructure in many organisations has often grown organically and expanded to meet increasing or additional business needs over time.
Managing data security across multiple platforms can be a complex undertaking. You’re only as secure as your weakest link, so understanding the security level for each component in your IT infrastructure and performing regular testing is vital. Organisations without the in-house resources or skills to manage, optimise and protect systems effectively on an on-going basis are leaving themselves open to security breaches.
One solution to this is to bring on board a managed service provider (MSP) who can store your company data and applications on their remote cloud infrastructure. With IaaS (Infrastructure as a Service), accessibility is enhanced as your team may access your business assets and systems from anywhere globally, and you have the added peace of mind in knowing that your data security is being proactively managed by experts in this field so you can concentrate on the day to day management of your IT systems and staff IT or support needs.
How can you retain control of your data security?
Handing over control of your data security to a third party makes some IT Managers understandably nervous. There are a number of ways you can ensure you retain control and guarantee any partners you bring on board work to the same level of scrutiny. Ultimately this comes down to which MSP you go for. But here are some key things to look out for:
1. Geographical location
High profile data breaches and data misuse stories are a regular feature in the news nowadays, not least recent talk of Russian interference in Western elections. Many of us are rightly concerned about who has our data and how it is shared and processed.
With post-Brexit trade deals and new international partnerships being forged, there have been concerns raised about how cloud-based data might be affected in the future by different international laws and protections. (We explored this back in 2018 in our ‘Is your data at risk after Brexit’ blog post.)
We understand and share your concerns. And that’s why virtualDCS only operates through UK-based data centres. We own our own cloud and offer all Veeam services ourselves, so we don’t outsource to any other partners. Your data is safe with us.
2. ISO 27001 Certified Systems Suppliers
ISO 27001 is the international standard for best practice for information security management systems, covering technical and business controls that ensure a company is managing its data in the most secure way possible.
The standard includes 14 areas covering various security protocols, including asset management, company security policy, physical and environmental security, security incident management, access control and compliance.
One specific example is the supplier security policy, which mandates the development of a security policy for every supplier that aligns with your own policy. When bringing new suppliers or partners on board, an ISO 27001 accredited organisation will thoroughly discuss and agree the policy to ensure unnecessary vulnerabilities are identified and eliminated.
Others include mandatory information security across the board, heightened security on user access, tight controls on software installation and physical security elements.
Formally known as ISO/IEC 27001:2005, ISO 27001 was updated in 2013 to include these additional controls:
- Information security is a compulsory part of project management, regardless of the nature of a project (6.1.5)
- Every user is restricted from installing any unauthorised software on the company systems without getting permission and the verification of the analyst (12.6.2)
- All risks have been properly identified and assessed (12.2.6)
- This control makes it compulsory to Implementing and following software testing procedure is compulsory (14.2.8)
Many businesses that have an ISO 27001 certification tend to heavily limit the scope of the audit, but when virtualDCS renewed its ISO 27001 status in 2018, we reviewed the entire scope of the business – everything from how we purchase teabags to our comprehensive staff vetting procedure.
Each of our employees is responsible for monitoring and updating a set of unique standard operating procedures. We do this so that that information security is at the forefront of everyone’s mind and at the heart of our business.
3. Private cloud option
Private cloud hosting offers organisations the accessibility and flexibility of the cloud while giving the keys and control back to your team.
You can host and run your company’s IT systems (servers, storage etc.) in the virtualDCS cloud. Then this can either be managed by virtualDCS or managed as a private cloud by your IT department.
For organisations that want to and are in a position to manage their own cloud, this option gives the best of both worlds.
How does the virtualDCS solution stack up?
Key features of the virtualDCS solution:
- Highly available, resilient platform
- Patching and hardware upgrades included with no downtime
- 24 x 7 monitoring, 365 days.
- UK hosting
- ISO 27001 compliant solution.
- VMware based platform
- Platform licences are managed by virtualDCS.
- Managed backups available
- Pay as a Service with no outright capital expense.
- Cost savings e.g. TCO reduction
- Green solution through shared resources
- Reduces strain on existing IT department as the platform is managed by virtualDCS
- Specialist support team available
- Constantly evolving infrastructure with access to best of breed technology.
- Scalable resources up and down (Coronavirus).
How do we work out our IT infrastructure service pricing?
virtualDCS pricing is then broken down per item and recalculated depending on the solution.
If you would like to discuss outsourcing your IT infrastructure and/or management, we are happy to book a free consultation call to discuss options.
If you’re sure what you need, we can support you in the designing of your infrastructure.
For more information or to speak to the team, call 03453 888 327 or email enquiries@virtualDCS.co.uk