Tag Archives: SAS 70

Cloud Security – Part 2 of 2

State of the art measures ensure data security

There are four main facets to a comprehensive data security approach, and Atlantic.Net has years of experience implementing each of them. Put simply, you want to ensure that data can’t be intercepted during transmission, can’t be read if it is somehow obtained, is stored in a safe environment, and is backed up in case the primary storage hardware fails.

As to the first, we use industry-standard Secure Sockets Layer (SSL) encryption on all connections to protect communication between client and datacenter computers. This can be taken further to create Virtual Private Networks (VPNs), which use full tunneling to make data transmissions between devices as secure as possible. SSL is a standard security technology for web-based communications; a VPN offers even greater security and can be particularly useful for mobile devices and offsite workers. Over the years, Atlantic.Net has deployed numerous data networks using Multiprotocol Label Switching (MPLS). MPLS has proven to provide secure point-to-point tunnels over our own network, enabling clients to get the best of the secure connections available on the market!

If desired, any and all of your data can be stored in encrypted format using Public Key Encryption (PKE). This means that the files would be meaningless even if someone did manage to obtain them.

The third point, maintaining a secure environment, is more complicated. This kind of security means protection from both hacking and hardware malfunction. Protection from attacks requires you to be vigilant and stay up-to-date on the latest threats, which is difficult to do if you’re not a security professional. You would also need to devote considerable time and money to securing the physical environment for the storage hardware. And as to the fourth point, backup: by definition, your most recent data is probably the most useful to you at the moment, so backups also need to be continuous to be valuable.

All these steps take time and effort to do yourself, which is why many businesses don’t bother…until after their first major security breach.

In contrast, hosting your data with Atlantic.Net means you have a reliable partner with industry experience and knowledge of the latest threats. We’re constantly monitoring and upgrading our systems to ensure that your data is as safe as possible. Our physical facility itself is secure: SAS 70 Type II compliant, with concrete walls, palm scanners, keycard and eye-scan verification, and CCTV monitoring.

To conclude, we believe that storing your data in-house is much like keeping your money under the mattress…it’s fine until it’s not. Cloud computing lets you contract with a professional security resource while also saving money on your IT needs. We encourage our clients and prospective clients to learn more about the real risks and real benefits of both in-house data and cloud storage. If you have additional specific security needs, please talk to one of our sales engineers about how we could best serve you. You can always try our cloud servers risk free at www.atlantic.net!

HITECH Act – New HIPAA Privacy Law and the Service Providers

I was recently interviewed by Ms. Melanie Azam of the Orlando Business Journal for her story about the new HIPAA privacy laws taking effect on February 17, 2010, passed as part of the 2009 stimulus package. She wrote an informative article about the new HIPAA regulations, which will affect companies that service the health care providers.

As discussed in the article, these new regulations will have a major impact on companies that deal with electronic medical health records, as they affect both the storage and safety of health-related records. The newly passed Health Information Technology for Economic and Clinical Health (HITECH) Act applies to the service providers and accounting, software, and law firms working with medical records and medical providers, leaving many companies scrambling to get on board with the new, more rigorous privacy laws and regulations.

Atlantic.Net Completes SAS70 Data Center Compliance!

Operating sophisticated data centers requires expertise and proficiency in many areas, including maintenance, proper controls, and checks and balances. Atlantic.Net has long served clients that require world-class infrastructure with adequate security controls in place, and we recently announced our SAS 70 certification. SAS 70 compliance confirms the reliability, security, availability and processing integrity of our core products, which include Managed Server Hosting, Dedicated Servers, and Server Colocation.

What is a SAS 70 Audit?

The SAS 70 audit, or Statement on Auditing Standards (“SAS”) No. 70, was developed by the AICPA as a means of auditing and reporting on the effectiveness of operations and controls of a service provider. It is also considered an operational compliance benchmark for companies with the passage of the Sarbanes-Oxley Act of 2002. A service auditor’s examination performed in accordance with SAS No. 70 (“SAS 70 Audit”) is widely recognized and represents that a service organization has been through an in-depth audit of their control objectives and control activities, which often include controls over information technology and related processes.