12-23-13 | Blog Post
With 2013 wrapping up and 2014 close on the horizon, many organizations are reviewing their IT infrastructure needs. For some, it’s an active, ongoing conversation; others wish they could sweep that discussion under the desk for another year. Regardless of your business objectives, you and your organization need to explore these questions to find the right vendor to entrust with your IT infrastructure needs.
1.) What solution will work best for our organization’s needs?
Know and rank your business priorities. What’s most important? Computing power from a dedicated server? Scalable hardware that can scale with your business needs? Pure square footage for a colocation environment? Disaster recovery options? What are the demands of your IT infrastructure today? Will that solution still be able to meet the needs of your organization in 3-5 years? These are the kinds of discussions that you and your potential vendor should have to establish a solid partnership and discover the best solution for your organization.
2.) Does your organization need to meet specific compliance requirements (HIPAA, PCI, Safe Harbor, SOX)?
Does your organization handle patient health information, cardholder data, or other sensitive information? If so, finding a vendor that can be your partner in the auditing process and will be transparent with their independent audit reports can save significant time, money, and unnecessary risk. Depending on what sensitive data your organization stores, transmits or receives, your business may need to meet one or more of the compliance standards below:
For healthcare organizations that store, transmit or receive patient data, you will have to follow guidelines set by HIPAA (Health Insurance Portability and Accountability Act).
For e-commerce, retail and financial organizations that store, transmit or receive cardholder data, you will have to follow guidelines set within PCI-DSS (Payment Card Industry Data Security Standards).
For organizations transmitting data between the United States and Europe, you will have to follow guidelines set within Safe Harbor.
For organizations dealing in financial recordkeeping and reporting regulations, you will have to follow guidelines set within SOX.
3.) Does the vendor have the products to meet those specific compliance requirements (HIPAA, PCI, Safe Harbor, SOX)?
Depending on the compliance requirements your organization needs, you will need different products and solutions to supplement each individual requirement. Take PCI for example:
10.5.5: Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts.
11: Deploy file integrity monitoring tools to alert personnel to unauthorized modification of critical system files, configuration files or content files. Configure the software to perform critical file comparisons at least weekly.
Does your potential vendor have a solution to meet these requirements? If not, then they are not following the proper guidelines to meet PCI compliance for you or even their organization.
4.) Can they provide the audits to our compliance requirements?
Does your potential vendor offer to show and give you a copy of their compliance audits? If not, compliance may not be part of their core culture. Look for a partner that treats compliance and security as a core part of daily processes, not just a checkbox to fulfill a specific audit. Do your homework to verify the real substance behind every “compliant” claim.
5.) Can they be a potential partner to take our business to new levels?
Outsourcing your IT infrastructure needs is a daunting task from any perspective. Does the potential vendor know and understand your business objectives? Do they really understand your business needs well enough to architect a solution that will server your organization for 1, 3 even 5 years? By having the right partnership in place with your vendor and your organization, you can spend more time working on your core business objectives while your vendor keeps mission critical business applications secure, compliant and available.
Discuss and answer the questions above at length to make sure there are no red flags. You’ll sleep better at night knowing your selected vendor can be a trusted partner to house your IT infrastructure not only for 2014, but for many years to come.