In a landscape characterised by intense competition, changing technology and fast-evolving business needs, the ability to demonstrate compliance is becoming even more important.

Whether it’s driven by industry regulation or customer demand, you will be called on – at some point – to demonstrate your compliance with standards and certifications.

In this article, we discuss data centre compliance, what accreditations we hold, and why you should be careful when choosing a third-party provider.

The importance of data centre compliance

Data centres should be compliant with a range of recognised standards. We consider this to be paramount.

The importance of compliance is not just to tick the box of an abstract regulatory requirement, but to add real value to your business by guaranteeing a secure, reliable, consistent, and continually improving service.

In a highly-regulated industry, you may need to show compliance with some or all of these standards yourself. Hosting your systems in a certified data centre provides an essential confirmation of your commitment to security and compliance

All our data centres are designed from the ground up to ensure that your servers are physically secure. This approach means that our colocation services don’t complicate your compliance issues, but, instead, make it easier.

What our data centre accreditations mean

A modern-day data centre should have the highest level of physical security. At our data centres, you can expect multiple access controls, internal and external CCTV, steel perimeter fencing, and visitors escorted by staff.

Implementing these measures has earned us several accreditations. These certifications are only awarded after rigorous independent audits and show our commitment to the highest levels of service and security.

BSI – ISO 27001

 ISO/IEC 27001 is a global best practice framework for an information security management system (ISMS). By achieving this certification, we can demonstrate our ISMS meets international best practices and holds up to scrutiny. For you, this means we can handle your information securely.

BSI – ISO 14001

This is a globally-recognised environmental protection standard. ISO 14001 is used across the world to reduce environmental impacts and is an excellent framework to help implement an environmental management system (EMS). By having this accreditation, it demonstrates our ability to measure and improve on identified areas of environmental responsibility.

BSI – ISO 9001

 ISO 9001 is the Quality Management System (QMS) standard. Earning this accreditation means we can streamline operations, reduce costs, and continually improve our quality management system. You can take peace of mind, then, that we are always looking to identify areas for improvement.

PCI DSS (Payment Card Industry Data Security Standard) compliant

The PCI-DSS standard specifies the minimum security processes to be applied to protect payment card data and transactions carried out.

We have been assessed against the PCI-DSS physical security requirements at our data centres in Edinburgh Medway, Maidenhead, Milton Keynes, Newcastle, South London and South Yorkshire.

 Cloud Security Alliance (CSA) STAR certificate

Cloud computing has opened up many new opportunities, but it also presents several new security risks. This certificate shows that we have one of the highest standards in the cloud security industry. For you, it means continual progress, demonstrable safety, and transparency.

SSE Green Certificate

SSE Green demonstrates our commitment to only using 100% renewable energy. That is, clean electricity generated by wind and hydro assets. You can be confident that the electricity we use to house your data is renewably sourced and has zero carbon emissions.

Advantages of data centre compliance

Data centres are our business. That means we have a greater degree of security and compliance than many organisations could achieve on their premises.

Partnering with us as your colocation or managed hosting provider means that you don’t have to keep abreast of ever-changing compliance requirements. You can leave it to the experts.

Regulatory controls that would be burdensome for you to understand, implement, document, and demonstrate in an audit have already been implemented in our data centres.

We can provide the certificates to prove this to your auditors. That means your IT professionals can be freed from the need to deal with compliance frameworks and, instead, perform work that will directly benefit your business.

ISO data centre compliance

The ISO approach to certification requires a continuous programme of audits to ensure continued compliance. The audit is structured around a defined global list of requirements and controls, which independent audits will confirm that we remain compliant with.

Our certifications are valid for three years from the point they are awarded. However, during that period, a schedule of on-going audits are established to show that the management system is constantly reviewed using a sampling approach. This is also to ensure that a development and improvement cycle is undertaken.

Come and see for yourself

For further peace of mind, you are free to come and audit our data centres yourself.

Subject to the agreement of suitable controls to protect our other customers, we will allow physical penetration testing of our facilities.

Want to find out more about how we keep your data compliant? Speak to our team today.

The post Data Centre Compliance Standards Explained appeared first on Pulsant.

Continuous compliance is about achieving compliance and increased security across your IT and business environments, and then maintaining compliance on an ongoing basis.

Many companies faced with the worry, or recent experience, of a cyber-attack, rush to make big changes to their security measures, but a few months after the event they often lapse into a comfortable state where no one is keeping a keen eye on security procedures and compliance requirements on an ongoing basis. This leaves them open to risks and unprepared for future threats.

Continuous compliance is about developing a culture and strategy within your organisation that continually reviews your compliance position to ensure you are meeting your industry and regulatory demands whilst maintaining secure systems. In short, continuous compliance aims to take IT teams away from responding reactively to audit requests and attacks through to being proactively prepared for future threats and data reporting requirements.

It takes a village

Continuous compliance can’t be achieved in the data centre alone. It requires people, processes, expertise and tools to come together in order to achieve a state of continuous compliance. This can be difficult to do, especially in industries where regulations about what needs to be reported vary and compliance frameworks are regularly changed, which is why continuous compliance requires a step-change in how compliance and security are assessed, delivered and monitored across an organisation.

Essentially, continuous compliance involves an organisation-wide strategy and focus in order to be delivered effectively.

Cloud can muddy the compliance waters

It can be difficult to keep track of your compliance position when you have a complex hybrid IT environment, spanning internally-housed IT systems, private clouds and public cloud services, not to mention SaaS applications. Working across different environments can make the job of achieving a standard level of compliance across all of your activities seem more complex, which is why many compliance and security specialist providers are focused on helping organisations with multi-cloud environments to achieve and maintain their compliance, gaining more visibility into the cloud services they are consuming and the compliance and security position of each environment.

Setting your security and compliance goals

It usually starts with an organisation defining their security and compliance objectives and looking at how best they can meet these requirements today, but also in the future. Capitalising on tools to automate reporting and activities such as backup and software licensing compliance checking helps to save time and create a more comprehensive workflow around the process of compliance, rather than leaving it to individuals to check and update systems.
Nowadays, there are lots of sophisticated monitoring tools that can proactively assess your environment to spot developing threats so that you have more time to plan and respond in the event of a security breach.
And for reporting to industry bodies, there are many automation tools to make the data collection and sharing process as simple and integrated as possible.
This is important for organisations who need to quickly achieve compliance across their IT, such as ISO27001 or PCI-DSS compliance frameworks.

What is being monitored?

From an IT perspective, continuous compliance practices could involve the monitoring of:

• System logs
• Software configurations
• Licensing compliance
• Applications
• User access and identity management
• Cloud platforms and services review
• Alerts for changes or unusual activity in your environment
• Adherence to best practice security procedures
• Creating non-compliance reports detailing where there are security gaps to focus on

Working with experts

Our approach to delivering continuous compliance is through our Continuous Compliance platform which brings together everything you need to deliver continuous compliance behind one single pane of glass, such as managing different cloud environments, 3rd party tools, security experts and proactive monitoring. We deliver all this through our team of 24/7 security specialists and monitoring experts, who carry out regular penetration testing and vulnerability assessments so that you are armed with the right info in the event of a threat to your business or IT systems.

Find out more by visiting our Continuous Compliance page.

The post What is Continuous Compliance? appeared first on Pulsant.

Managed hosting is managed infrastructure in an external data centre provider’s facilities.  This can consist of servers, storage, networking and more, depending on the service you need.  It’s the next layer up from co-location services.

Managed Hosting gives you the ability to tailor your IT services to fit your business compared with true cloud services. This is especially useful for customers with legacy IT environments who may not be able to move all applications or workloads over to a cloud solution or a virtualised environment.

Some Managed Hosting services are delivered up to and including the Operating System (OS) layer, whereas some go up to application layer. Some providers offer Platform-as-a-Service as part of their Managed Hosting offering; such as delivering database servers to customers for them to install their own applications.

Managed hosting is usually physical servers with an OS provided to the customer by the service provider for them to manage.  The service provider is responsible for the OS and hardware maintenance, whilst the customer manages everything above the OS.

Who does Managed Hosting suit?

Managed hosting suits organisations who want to specify the build of their servers and storage down to the last detail, or for organisations who may need that little bit more control over their IT environment and how it operates compared with traditional cloud services.

Managed Hosting providers can deliver the infrastructure and OS layer whilst supporting and monitoring all systems, leaving you to manage your own applications and services.

For applications or industries that require workloads and data to be kept separate from other customers, organisations can instead choose dedicated Managed IT environments without the burden of delivering the services from within their own data centres.

This helps customers who need to achieve certain compliance or industry regulations, as they often need to have their systems delivered in a more bespoke or dedicated model.  For example, certain Government organisations are required to keep their IT systems and data separate from other companies so may need dedicated servers and storage.

On the other hand, a company might want to move their entire IT environment to a cloud model to reduce Capex costs, but need a solution that can continue to support their legacy IT environment.

Different Managed Hosting options:

What is Dedicated Server?

Dedicated Servers are dedicated, physical servers that the service provider houses in their server racks.  The service provider sets up the OS and networking so that customers can connect into the server to manage everything themselves.

In this scenario, the service provider monitors the health of the physical server, and provides availability and support assurances around the physical functioning of the server.

This is for customers who want to manage their own physical servers from the OS up, but don’t want to house the server or be responsible for the physical health of the server.

What is Managed Server Hosting?

Managed Server Hosting offers more support than Dedicated Server.  In Manager Server Hosting, a service provider delivers the server and OS layer to the customer, but also offers a wider support capability and more comprehensive SLAs, often including some platform services around applications and performance monitoring.

Managed Server Hosting can sometimes overlap with cloud services where the service provider also includes some degree of application management on top of the servers.

What are Virtual Private Servers?

Virtual Private Servers are like dedicated servers, but they are virtual – not physical – machines.  This means the physical hardware is shared between multiple customers.  However, Virtual Private Servers often don’t have the same scaling ability as true cloud services, so these are designed for more static environments.  The virtual server is delivered to the customer and they then manage the installation and management of their applications.

What is Managed Storage Hosting?

Managed Storage Hosting can fall into two categories: dedicated and shared infrastructure.

In dedicated storage hosting, a service provider manages the physical storage in their data centre, and monitors the physical health of the storage array whilst the customer accesses the storage array and manages everything else themselves – such as how data is replicated, stored or what type of storage the data resides on.

For dedicated storage hosting, there is a minimum entry price and capacity requirement as an entire storage array needs to be purchased for a particular customer.

In shared storage hosting, a customer takes a slice of a shared storage array, meaning they can access enterprise storage without minimum price and capacity restrictions.

In cloud storage, usage is based on consumption and charged for based on how much capacity is used.

What Are Managed Desktop Hosting Services?

Hosted desktop services are where desktop instances sit in the central data centre, rather than on individuals’ PCs and laptops.  Desktops are delivered virtually to devices, so the risk of losing data or a device experiencing downtime is lower as everything is managed centrally by a service provider.  Patching, monitoring and support is delivered centrally.

There are two options for customers exploring Managed Desktop Hosting:

Shared Session: Users are sharing a central desktop, and accessing a centralised ‘view’ of their desktop and applications through their local devices.

Virtual Desktop Infrastructure (VDI): In VDI, a user’s desktop sits on its own virtual machine so when they connect, they access their own customised virtual desktop that can be tailored to each user.

With Managed Desktop Hosting, customers can choose between dedicated environments or shared infrastructure where multiple organisations are using the same physical resources to reduce costs and reduce the barriers to entry such as the number of users or capacity.

More control

With evermore focus on achieving cloud compliance, a shared, standardised cloud environment may not always be the answer for certain applications and data.  That’s why customers may choose Managed Hosting services which can be tailored to suit your exact needs, within a hosted environment.

For legacy applications and systems that can’t move to the cloud, Managed Hosting and Dedicated Server offer an alternative to bridge the gap between in-house IT and cloud services.

In short

Managed hosting enables you to choose exactly what you want.  So, perhaps you want to host a mix of virtual and dedicated servers with an external hosting provider, but plan to keep your storage at your own data centre. In this scenario, a cloud service might not be able to flex to meet your needs across your entire IT environment.  However, a Managed Hosting solution from Pulsant can be crafted to fit your specific IT and business requirements.

Find out more about Pulsant Managed Hosting services and options.

The post What is Managed Hosting? appeared first on Pulsant.

Compliance remains a critical element of business today — and can present a major challenge to success. It is not just important for those in heavily regulated industries, but affects organisations across the public and private sector.

In addition to the challenge of achieving IT compliance, another obstacle is tracking and maintaining that compliance. It is not just a check box exercise that can be carried out once and forgotten about; rather, compliance is an ongoing, organisation-wide endeavour that touches on all aspects of the business.

What then is the solution to achieving and maintaining IT compliance in a streamlined and effective way?

In this whitepaper we discuss the compliance landscape as a whole, looking at specific challenges, as well as:

• The importance and benefits of continuous compliance
• The obstacles to making IT compliance work
• The use of specialised solutions, such as the Pulsant Continuous Compliance dashboard
• Pulsant’s approach to IT compliance, including monitoring and maintaining it

For more information visit our continuous compliance page, or download the full whitepaper.

The post Making the case for Continuous Compliance appeared first on Pulsant.

Cloud provider realises vision of delivering end-to-end secure and compliant hybrid platforms

Reading, UK – 15 August 2017 – Pulsant, a leading UK provider of hybrid cloud solutions, has announced it has completed the acquisition of LayerV, a specialist public cloud solution integration company, with a strong focus on compliance, security and cloud automation.

The acquisition is part of a targeted growth strategy and sees Pulsant gaining exclusive intellectual property around regulatory and cloud insight, strengthening its multi-cloud capabilities, particularly around continuous compliance and security, as well as its AWS offering. The new compliance solutions will be most beneficial to customers in the public sector, retail, legal and financial services where statutory compliance and data governance are critical, and where regulations such as PCI, ISO, GDPR and those set out by the FCA, must be adhered to.

“LayerV has an excellent reputation for providing advice to customers on public cloud solutions, and helping them migrate into cloud environments. It also provides industry-leading managed compliance, security and DevOps services across multiple clouds, including AWS, Azure and Google. These services are particularly important in regulated industries,” says Mark Howling, CEO, Pulsant.

“LayerV’s capabilities will bolster Pulsant’s offering in public cloud services, complementing our own in Azure Public cloud, private clouds, hosting and colocation. This will enable us to deliver more comprehensive solutions to our existing customer base, while expanding the services we can offer new customers.”

LayerV employs more than 30 staff across the UK and Lithuania, all of whom will be integrated into the Pulsant business, including the company’s two founders, James Letley, CEO, and Javid Khan, CTO.

“The company’s philosophy, business approach and focus on innovation is very similar to our own, which will only further strengthen our position as a provider of end-to-end solutions in the multi-cloud environment,” says Howling.

LayerV is an AWS Advanced Consulting Partner, Managed Service Provider and Channel Reseller, as well as a Microsoft and Google Cloud Platform Partner. It delivers AWS and Microsoft Azure managed services that complement those offered by Pulsant.

“We are delighted to be joining Pulsant. There is great synergy between our two companies and being part of an established organisation like Pulsant means we’re able to truly benefit from its wide industry knowledge, broad customer base, mature data centre offerings and focus on hybrid cloud solutions,” says James Letley, CEO, LayerV.

The deal follows Pulsant’s acquisition of IT services company Onyx in June 2016, and is a further step in its targeted growth strategy.

The post Pulsant announces acquisition of LayerV appeared first on Pulsant.