Blog

Deciding which data center to use can be difficult, given that the Tier System implemented by The Uptime Institute can be a bit confusing. That being said, there are serious differences between the tiers, and it is worthwhile to know which kind of center you need before choosing one. Specifically, the level of reliability you need from your data center can vary, and each successive tier gives you an increase in reliability.

Tier I Data Centers, according to Colocation America, are appropriate for small businesses and have 28.8 hours of downtime per year, resulting in a 99.671% Uptime rate. They are also not required to have any redundancy of systems.

When you get to a Tier IV data center system, you are looking at only 26.3 minutes of downtime per year, with features like 2N+1 fully redundant infrastructure and 4 full days of protection in the event of a power outage. These centers have so many fail-safes to make sure that your data is available that you are unlikely to ever experience an outage.

In between are Tier II and Tier III, which have some redundancy in systems like air conditioning and some protection against power outages, but not as much as Tier IV.

The Uptime Institute, where certification can be explored in greater detail, also explains the tiers as 4 general levels of standards: Tier I is basic capacity, Tier II adds redundant capacity components, and Tier III makes the system concurrently maintainable. The final hurdle to get to Tier IV is that the system is fault tolerant, meaning “when individual equipment failures or distribution path interruptions occur, the effects of the events are stopped short of the IT operations.”

Our multi-layered approach to security begins with the physical security of your data, which is why we deploy our cloud in Tier IV Data Centers that enforce the most stringent security policies available of any data center option.

WHOA.com uses three Tier IV facilities in Miami, FL, providing geographically distributed, enterprise-level physical security and built-in redundancy in one of the world’s most connected cities. To get a multi-layered approach to cloud computing solutions, contact us.

These days e-commerce stores are popping up left and right, and in such a fast-growing area of business, it is inevitable that rumors will start flowing in, confusing newcomers and experts alike. Simply put, all businesses that accept credit cards must be in compliance with standards set forth by the Payment Card Industry Data Security Standard (PCI DSS). There are no exceptions to this rule, so why don’t we dispel some common myths about PCI compliance?

“Someone else actually processes our credit cards, we just outsource to them.”

This is one of the most common myths, and it is easy to see why. It makes sense, doesn’t it? If some third party is actually processing your cards, then why should you worry about PCI compliance? The PCI says that it is your job to ensure transactions are safe from start to finish. Having another company process the cards doesn’t mean that your customers are safe end to end, starting from your website where the transactions originated.

“My business is small – PCI compliance is for large corporations.”

While small businesses may not need to submit an actual report to the PCI Security Standards Council, you will still be held accountable if there were to be a security breach.  Feigning ignorance will certainly not get you off the hook.

“PCI compliance is only for credit cards.  ATM and debit cards are exempt.”

A majority of transactions will be processed as credit, regardless of the type of card used.  Additionally, the same banks that issue credit cards also issue debit cards.  PCI DSS requires compliance regardless of the type of card used.

“Merchants can store whatever data they want.”

Many merchants out there assume that since the customer gave them this data, they are allowed to knowingly store it however they would like. This misconception can lead to some serious legal problems. Storing certain types of data is in violation of PCI DSS and, as a result, may be in violation of state and even federal privacy laws. If your system is ever identified as the originating site of a data breach that resulted in the release of card users’ data, you will be subject to fines and restitution to recoup any losses from that breach.

WHOA.com’s cloud infrastructure features PCI DSS 3.2 and ISO 27001 certification and HIPAA compliance for cloud solutions. Contact us to learn more about PCI compliant cloud services.

Data, especially that of your customers, is your business’s lifeblood. It’s not only valuable to you but to others such as cyber criminals and your competitors. It’s essentially informational wealth. But unlike other forms of wealth such as jewelry or precious metals, business data isn’t kept in a vault. Too many businesses keep their data behind unlocked doors for much of the day. This lack of physical security is a common oversight caused by an almost exclusive focus on cyber threats. Crime has a way of exploiting relative weaknesses or paths of least resistance, and it’s only a matter of time before a physical breach occurs.

The physical security weaknesses of business server rooms and even professional data centers come in many forms. These include:

Exterior Windows

This mistake is more common in business server rooms than in professional data centers. Glass won’t hold up to the flying debris of a violent windstorm. Once the glass is broken, the server room is exposed to the elements. The fragility of glass also makes windows a favorite point of entry for thieves.

An Open Lobby

Sometimes, the front door is the easiest way into an otherwise physically secure building. Many companies have an unlocked door leading into a lobby that’s “guarded” by a receptionist. Getting past this person is easily done with two people. One distracts the receptionist with questions, while another walks past. This is best done while the lobby is busy with people.

Poorly Locked Doors

Mechanical locks can be picked, and their keys lost or stolen. The dead bolts of some locks are easily pushed back with a knife or plastic card. Sometimes bolts don’t extend far enough, and allow the door to be kicked open.

Sheetrock Walls

If the only barrier between the server room and an adjacent room is a sheetrock wall, a person wearing heavy boots can kick their way through the wall. A large hammer will also suffice.

Walls That Don’t Connect With the True Ceiling

Very large rooms are often converted into smaller rooms using multiple interior walls that don’t connect with the ceiling. Drop ceilings are then used for the smaller rooms. A person can remove a drop ceiling tile and climb over the wall and into an adjacent server room.

Converting a typical office space into a physically secure data center is difficult if not impossible. When considering the services of a data center, thorough security due diligence is required. WHOA.com uses physically secure Tier IV data centers. Contact us with your questions about our managed security services.

There is a reason why cyber criminals prefer medical health information to many other types of data, including credit card and bank account data. Medical health information about patients, such as Social Security numbers, personal identities, and health histories, doesn’t change. On the other hand, passcodes can be quickly changed and credit accounts frozen when a breach is discovered. Banks will react fast. People are more likely to notice unexplained bank account withdrawals and credit charges than unexplained health insurance claims and charges to Medicare. This is because health record exploitation isn’t on their radar. In short, compared to medical records, bank data has a brief shelf life for felonious use.

Medical records also contain much more information that can be put to many uses. Phony passports and other ID cards can be fabricated and sold for profit. The personal health problems along with names and phone numbers of people can be sold to telemarketers who then attempt to sell related equipment and supplies to the victims. Medical records can contain enough information, including place of employment, for criminals to file fake tax returns. Valuable medical items can be charged by criminals to Medicare and to health insurance accounts and sold for profit.

With stolen medical health information being the digital gold that it is, it’s more important than ever to use a HIPAA-compliant cloud service for hosting personal health information. HIPAA compliance is not only the smart thing to do, it’s the law. Noncompliance can result in civil and criminal penalties and in fines up to a maximum of $1.5 million per year. Not only will a data breach harm your business, it can also harm your customers/patients. They can be victimized with identity theft, lose their health insurance, face higher health insurance premiums, and depending on how their information was abused, suffer many other difficulties.

WHOA.com offers HIPAA-compliant cloud services and is ISO 27001-certified. To learn more about how we protect our clients’ data, contact us.
