The rise of cloud computing, high-speed broadband, and the push towards digital transformation have popularised the use of software as a service (SaaS). This growing model of distributing and licensing software that is centrally hosted is increasingly causing concern among IT managers worried about the security and availability of their data centres.
Twenty years isn't much in the grand scheme of things, but in the world of technology, it's an age. It wasn't much more than two decades ago when businesses were still communicating by putting pen to paper, using cheques to make payments and, if you wanted to arrange a meeting with a customer, you might have to wait a week for the opportunity to see them. Face to face. In person.
The world of business and technology has come a long way since then. Email is standard, customer relationship management (CRM) systems are the norm and now, with the help of more powerful tools such as live chat, business automation and lead generation, we can do more than ever before.
Here are the three considerations you need to address when choosing your next data centre.
Can you trust your data centre provider when the going gets tough?
In the early days of data centre development, companies choosing to host data offsite had to physically visit the server hotel, configure each server, put it in the rack, and get the go-ahead from the customer before making the system live.
It was a laborious and time-intensive process, which came to a complete halt if anything went wrong. There was minimal redundancy, low availability, and the user was often responsible for administering routine maintenance, patches, and updates. Despite this, it was still a cheaper option than purchasing and managing a network of physical servers onsite.
Eventually, this was made easier when data centre providers started to dabble in cloud. Commercially available, off-the-shelf solutions such as Citrix XenServer were used to provide a cloud virtualisation platform. This works well enough, but for users who need a high level of customisation it can start to cause problems with downtime and resolution time, and can become unfeasibly expensive.
In these situations, only a bespoke solution will do. Here, you should expect your data centre provider to help with migration, installation of new servers and custom configuration. If your provider can offer flexibility such as a clustered setup, the system will stay live even if a server goes down, seamlessly moving data to a redundant server.
Being able to respond to a business's growth is also key. If you know that those 70 servers you just installed will need to be expanded to over 100 in the next year, it's good to know that your provider can keep up.
Is your provider compliant with security and regulatory requirements?
With the advent of big data, the Internet of Things (IoT), and Industry 4.0, security and regulation have become a bigger concern. Once data moves offsite, it becomes harder to know exactly where it has gone: it may not be hosted where you think, or even in the country you think it is. Provided the data stays within Europe, the UK Data Protection Act or similar stringent regulations will be perfectly adequate, but outside Europe, data regulations may not be sufficient.
This problem is compounded when you are developing IT software for regulated industries such as financial services, healthcare, medical, and defence. Here, business leaders must comply with the likes of the Payment Card Industry (PCI) and Data Security Standards (DSS) regulations, the UK Data Protection Act (DPA), ISO 27000 series, Sarbanes-Oxley (SOX), and the Health Insurance Portability and Accountability Act (HIPAA), to name just a few.
The crucial consideration here is that not all data centre providers will be compliant with all regulations. It's the responsibility of business and IT leaders to ensure that these measures are in place.
The best advice when choosing your data centre is to make sure your supplier uses compliance-ready hardware and software with advanced safety measures, high-bit encryption, and the latest security certificates, as well as being equipped with round-the-clock video and audio monitoring.
Despite this, the best laid plans of mice and men often go awry. In times when the service does experience problems — for example, during an extended Distributed Denial of Service (DDoS) attack in the financial sector — customers are given a personal account manager and a dedicated phone line. This is indispensable when, as a business, you're fire-fighting an influx of inbound calls from irate customers demanding to get back online immediately. It is during times like these that being able to tell your customers that you've mitigated and managed the problem is invaluable.
You can't afford to keep your data centre out of sight and out of mind
The evolution of data centres has certainly afforded businesses lots of flexibility and operational efficiency improvements, but this doesn't mean that you can leave your data centre out of sight and out of mind. Most service level agreements (SLAs) make it compulsory that the SaaS provider maintains responsibility for the continued maintenance and updates of software, meaning that the buck stops there and not with the data centre.
As a result, it's crucial that you roll out regular updates, patches, and hotfixes as they become available. Having security experts onsite is vital to ensure that regular vulnerability scans are performed and their findings properly addressed. For example, recent changes to PCI regulations mean that TLS 1.0 and TLS 1.1, the replacements for the earlier Secure Sockets Layer (SSL v3.0) encryption, are being removed as examples of strong cryptography in the PCI and DSS regulations and can no longer be used as a security control after June 30, 2016.
Safe and sound
By giving some careful thought to your data centre provider's level of flexibility and compliance, as well as your own responsibilities, businesses can continue to develop successful SaaS platforms, although building a sustainable and cost-effective long-term relationship might still demand that you engage in the age-old tradition of meeting with your supplier face to face.
Daniel Horton, Parker Software