Let’s play a quick game of word association: What comes to mind when you read the words “regulation” and “compliance?”
Complex? Costly? Endless? Burdensome?
Regulatory compliance is a vast and critical responsibility that depends on your key providers as much as your own practices. One of the essential partners is your outsourced data centers.
Before organizations started regularly partnering with cloud and colocation providers, IT leaders were skeptical that they could maintain security, privacy, and compliance if they relied on outside providers for their critical technology operations. Today, seemingly endless streams of data are stored and transmitted from outsourced data centers. And while the initial broadstroke compliance concerns associated with data center outsourcing were overblown, not all providers take the same measures to protect your data and business.
The cost of noncompliance can be significant, if not crippling. And for businesses in healthcare, financial, pharmaceutical, and retail industries especially, ensuring the compliance practices of their key partners is instrumental.
What are the most important compliance standards related to data centers, how does noncompliance affect your organization, and what are all of the costs associated with such a failure?
The two most important compliance standards that impact data centers are Service Organization Control (SOC) 2 and Statements on Standards for Attestation Engagements (SSAE) 18. Data centers with these certifications are known to meet the highest standards of information security.
Payment Card Industry Data Security Standards (PCI DSS) and other similar measures of compliance are essential. However, there may be variances in how data centers rate themselves on their PCI DSS compliance and apply its principles. HIPAA too is an incredibly important compliance measure. But just the mention of HIPAA compliance on a website can be a fairly unreliable measure of security. Data centers that don’t store or access PHI are only required to perform minimal testing, leaving great room for vulnerabilities. Data centers that pay close attention to the highest standards and offer top level compliance should be favored to protect your company.
SOC 2, on the other hand, is administered by the American Institute of CPAs and covers security, availability, processing integrity, confidentiality, and privacy. SSAE 18 covers the reporting standards for SOC 2. When in doubt, partner with a provider that follows these regulatory standards.
Beyond avoiding the cost of noncompliance, maintaining compliance has many other key benefits for any business.
For starters, maintaining compliance is a product of keeping up with changes and innovation. It creates an opportunity to re-evaluate your systems and internal innovation. That process, which should include compliance audits, will give you valuable insight and analytics that empower you to make informed decisions regarding your security, systems integrations, and current and future needs. With more informed decision making, you’ll be able to grow while maintaining stability.
Customer expectation is another essential byproduct of compliance (or noncompliance). Data security is a mainstream topic. It’s on the minds of more than business leaders and IT professionals; it’s a point of concern for your customers. By ensuring your data center is protected against noncompliance, your customers won’t be put in a position to question their trust in your business.
According to the 2017 Ponemon Cost of Data Breach Study, the average total cost of a data breach grew from $3.8 million to $4 million, while businesses incurred an average cost of $158 for each lost or stolen record containing sensitive and confidential information, up from $154. The study also found the difference in cost between different sources of data breaches:
The total costs of a breach or leak stem from a number of different sources, of course. Breaches often incur attorney’s fees and accumulate costs related to the investigation, response, notifications to regulatory organizations, victim identification, public response, victim outreach, and internal and external communication campaigns.
Merchants governed by PCI DSS – those that accept credit or debit card payments – face fines as high as $100,000 per month for noncompliance. In the healthcare industry, HIPAA noncompliance can climb as high as $50,000 per violation (or per compromised health record). Violators may also be subject to criminal charges that can result in jail time.
Some of the most critical costs of noncompliance are the indirect expenses – from downtime and the operational and productivity loss to the reputational damage and loss of future business.
The NTT Communications 2016 Risk Value Report found that 25% of businesses expect their company to face a data breach in the future. Ponemon Institute’s study found it 26% likely that a material data breach involving 10,000 lost or stolen records will occur in the next 24 months.
The likelihood of a data breach is far too great to risk your compliance on partners that don’t protect your information the way you should be protecting your own information. You need to choose a data center provider that will safeguard your assets, at rest and in transmission.
How can you select a data center that can address your compliance needs and add value to your business? Download your copy of our informative whitepaper to learn more.