Avoid the Pitfalls of Migrating Your Solutions to the Cloud

Editor's Notes

1. Businesses are migrating to the cloud Scale their business Compete more effectively Reduce cost Improve security & reliability Temporary projects Compute intensive Seasonal demand Storage migration
2. Not ready to move it all to the cloud Application not ready Single tenant Staff not ready Culture Fear, uncertainty, doubt Not ready to let go Sentimental Show trends Client concerns Security Compliance Control Proximity Application Readiness Some want: Hybrid Some public Some on-prem Some colocation Customers may choose AWS rather than buy from you Your security may not be good enough Managed
3. What is SSAE 16? The Statement on Standards for Attestation Engagements No. 16 (SSAE 16) is a set of standards developed specifically for certified public accountants (CPAs) to evaluate an entity’s internal controls and the impact a service organization may have on the entity’s control environment. This is particularly important as auditors attempt to accurately audit a company’s financial statements. The SSAE 16 standards were put in place by the American Institute for Certified Public Accounts (AICPA) and serve as the authoritative guide for in-depth audits of a third-party service organization such as 365 Data Centers. SSAE 16 is a relatively new set of standards published in April 2010 to supersede the SAS 70, the original guidelines for performing an examination of a service organization’s controls and processes. Businesses rely on SSAE 16 audits and reports to build trust and confidence in their service provider’s ability to design, operate and control environments on which their business depends. Additionally, SSAE 16 audits may assist an entity in complying with the Sarbanes-Oxley act or similar law or regulation. What are SOC reports? Service Organization Controls (SOC) Reports are prepared by an auditor in accordance with SSAE 16 standards and are specifically intended to evaluate a service organizations controls. There are three SSAE 16 SOC reports: SOC 1: Report on Controls at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting Type 1: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period. Type 2: report on the fairness of the presentation of management’s description of the service organization’s system and the suitability of the design and operating effectiveness of the controls to achieve the related control objectives included in the description throughout a specified period. SOC 2: Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy SOC 3: Trust Services Report for Service Organizations. Use of these reports is typically restricted to the management of the service organization, user entities, and user auditors. Is 365 Data Centers SSAE 16 compliant? Yes, 365 Data Centers has been audited by a third-party auditor and found to be compliant with the SSAE 16 standards. We have an SSAE 16 Soc 1 Type 2 report that outlines the findings of the audit. A-lign CPAs performed the audit of our Colocation Services for SSAE 16 Soc 1 Type 2 at 100% colocation facilities. They conducted their examination in accordance with the attestation standards established by the American Institute of Certified Public Accountants to assess the suitability of the design and operating effectiveness of controls to achieve the related control objectives identified. 365 received an SSAE 16 Soc 1 Type 2unqualified audit opinion delivered with no exceptions. The scope of the assessment included 365 Data Centers’ colocation facilities in: Buffalo, NY; Chicago, IL; Cleveland, OH; Dallas, TX; Detroit, MI; Emeryville, CA; Indianapolis, IN; Nashville, TN; New York, NY; Philadelphia, PA; Phoenix, AZ; Pittsburgh, PA; Reston, VA; San Jose, CA; Seattle, WA; St. Louis, MO; and Tampa, FL. How does SSAE 16 certification benefit your business? Going through an SSAE 16 audit is a rigorous process. Only service organizations that have designed and implemented their controls and processes well and demonstrated operational effectiveness receive an unqualified audit opinion. Such audits are time-consuming and costly. Businesses that use service organizations that have been audited for SSAE 16 compliance should have a higher level of trust and confidence in that organizations controls and operational capabilities. Additionally, entity’s that are being audited themselves for SSAE 16, Sarbanes-Oxley compliance or similar law or regulation will find it easier to comply with requirements when using an SSAE 16-audited service organization. This will speed compliance and reduce the cost of compliance. Are 365 Data Centers’ SSAE 16 audit reports available to review? Yes, 365 Data Center’s SSAE 16 audit report is available to customers and qualified prospective customers and partners upon request. Please contact us for more information or to request a copy of our SSAE 16 report. View our News Release View our Confirmation of SSAE 16 Audit Opinion
4. What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers. The U.S. Department of Health and Human Services (HHS) published the HIPAA Privacy Rule in December 2000, which was later modified in August 2002. This Rule set national standards for the protection of individually identifiable health. Compliance with the Privacy Rule was required as of April 14, 2003 (April 14, 2004, for small health plans). HHS published the HIPAA Security Rule in February 2003. The Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. Compliance with the Security Rule was required as of April 20, 2005 (April 20, 2006 for small health plans). The Office of Civil Rights (OCR) administers and enforces the Privacy Rule and the Security Rule. Other HIPAA Administrative Simplification Rules are administered and enforced by the Centers for Medicare & Medicaid Services. The Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules. All of the HIPAA Administrative Simplification Rules are located at 45 CFR Parts 160, 162, and 164. The Security Rule is located at 45 CFR Part 160 and Subparts A and C of Part 164. View the combined regulation text of all HIPAA Administrative Simplification Regulations found at 45 CFR 160, 162, and 164. Is 365 Data Centers HIPAA compliant? Yes, 365 Data Centers is compliant with the relevant sections of the HIPAA Security Rule across 100% of its colocation facilities. A-lign CPAs, a third party auditor, conducted a HIPAA assessment regarding 365 Data Centers’ compliance with the HIPAA Security Rule for the Administrative Safeguards, Technical Safeguards, Organizational Safeguards, Policies and Procedures and Documentation Requirements, and Physical Safeguards. A-lign concluded that 365 Data Centers had implemented the policies, procedures, and safeguards in compliance with the relevant sections of the HIPAA Security Rule. Additionally, A-lign concluded that 365 Data Centers had implemented the appropriate breach reporting procedures as required by the Health Information Technology for Economic and Clinical Health (“HITECH”). The scope of the assessment included 365 Data Centers’ colocation facilities in: Buffalo, NY; Chicago, IL; Cleveland, OH; Dallas, TX; Detroit, MI; Emeryville, CA (includes managed hosting services); Indianapolis, IN; Nashville, TN; New York, NY; Philadelphia, PA; Phoenix, AZ; Pittsburgh, PA; Reston, VA; San Jose, CA; Seattle, WA; St. Louis, MO; and Tampa, FL. How does HIPAA certification benefit your business? 365 Data Centers’ compliance with the relevant sections of the HIPAA Security Rule enables covered entities, such as, health care providers, health plans and health care clearing houses, to accelerate their compliance with HIPAA requirements to protect the privacy and security of health information. Covered entities would engage 365 Data Centers as a Business to help it carry out its health care activities and functions. Upon request, 365 Data Centers will provide a written Business Associate Agreement (BAA) demonstrates our specific HIPAA compliance with the Security Rules’ requirements. Are 365 Data Centers’ HIPAA audit reports available to review? Yes, 365 Data Centers’ HIPAA audit report is available to customers and qualified prospective customers and partners upon request. Please contact us for more information or to request a copy of our HIPAA audit report. Will 365 Data Centers provide a signed HIPAA Business Associate Agreement? Yes, 365 Data Centers will provide a written Business Associate Agreement (BAA) to covered entities upon upon request. Please contact us for more information or to request written BAA. View our News Release View our Confirmation of HIPAA Assessment
5. Proximity Low latency Easy access Because, the customer may not be ready
6. Tesla Think flexible Managed cloud services Public Private Managed private cloud FlexPod VCE Microsoft Hyper-V On-prem Move workloads and storage back and forth Cloud integration services