Powering Reliable BCDR with Axcient’s Cloud and Data Center Security
When a vendor has its own cloud or data center, how do you know it’s secure? Providers should have detailed security information, processes, and third-party certification available to put your mind at ease. Keep reading for what questions should be asked, and hear how Axcient answers them.
Cloud adoption continues to be a focus for many small to medium-sized businesses (SMBs), and with that comes the need for due diligence and research. This is especially true in highly regulated industries like healthcare, financial and legal services, and government. To properly secure these clients, and all clients, MSPs need to ensure their vendors can at least fulfill minimum security baselines. At most, your vendor goes above minimum requirements to provide additional layers of security for rapid and reliable business continuity and disaster recovery (BCDR).
In this article:
- Assess your vendors’ cloud and data center security with three questions.
- Hear how Axcient is answering each one to use as a benchmark for comprehensive data protection.
- Get resources to help discuss security with your current vendor, or use our HIPAA Compliance Guide for Axcient partners to see how we’re doing it.
Break Through the Marketing Bull With These 3 Questions
It’s not news that many of the marketing claims made by businesses are not verified facts. So when you hear those hyperbolic statements, buzz words, and “best” claims – especially when they relate to something as serious as cloud and data center security – keep digging. Access and data protection are the top two most important aspects; these are the three questions to ask vendors about their cloud and data center security.
- Where does your cloud data reside?
- Is your cloud data accessible?
- Is your cloud data highly resilient and secure?
How a vendor answers these questions highlights their dedication to cloud data security. They can also help you make sure that your values align with the values of your vendor. Based on supporting evidence, like third-party confirmation of vendor claims and test results, MSPs should come away feeling confident with how their cloud data is being secured. Certifications validate the vendor’s security operations and allow MSPs to piggyback on that layer of trusted security with clients. Partnering with like-minded vendors builds on an MSP’s reputation and commitment to clients.
To illustrate Axcient’s security-first approach to backups, cloud data security, and BCDR, we answer the three questions…
#1: Where does your cloud data reside?
Tens of thousands of companies worldwide choose to host their data in one of Axcient’s four data centers. Located in Atlanta, Georgia; Salt Lake City, Utah; Kelowna, British Columbia, Canada; and Amsterdam, Netherlands, all of Axcient’s data centers are certified by the Standards for Attestation Engagements (SSAE) No. 16 Type II, or System and Organization Controls Report (SOC). The SSAE 16 Type II, or SOC certification, is one of hosting companies’ most rigorous auditing standards. With this certification, MSPs and their clients can rest assured knowing that Axcient’s cloud data has received the highest service level attainable for virtual server hosting companies.
Each data center is strategically located in a disaster-safe area and physically secured with hardened construction and seismic reinforcements, razor fences, armed patrols, video surveillance, and biometric scanning, among other protocols. All equipment entering these facilities is checked, audited, and logged by security personnel. Finally, Axcient engineers monitor and manage all data center networks, servers, storage, services, and other infrastructure 24/7/365. They have virtual control over every component in each data center from the moment it is installed.
#2: Is your cloud data accessible?
Accessibility is necessary for business continuity. During a cyberattack, data loss incident, or natural disaster, cloud data, specifically backups, are critical to recovery. On average, the Axcient cloud boasts 99.999% reliability, which translates to less than five minutes of downtime per year.
Proprietary Silent Data Corruption Protection uses end-to-end checksums to “tag” data with strongly verifiable identifiers and creates redundant copies to ensure further cloud data access. These tagged, signed, and encrypted copies are stored on physically separate devices to provide the highest degree of data integrity assurance. Another one of Axcient’s proprietary technologies, Chain-Free backup, provides unlimited data storage and retention for our MSP partners. MSPs can meet long-term compliance requirements without chain reseeding, data bloat, storage overages, or any of the other complications that come with legacy chain-based backups. The data is always saved, stored, backed up, and available in the Axcient cloud.
#3: Is your cloud data highly resilient and secure?
All of Axcient’s data centers are designed for ultimate resiliency. In addition to the physical safety components listed under question one, we also use two separate external and internal automation monitoring systems that utilize different technology to monitor the same systems. This extra layer of redundancy is also extended to our backup generators, which include in-ground fuel tanks for uninterrupted power; our HVAC systems for temperature and humidity consistency; our multi-homed Border Gateway Protocol (BGP) routing and switching infrastructure with cold spares on-site; and multiple redundancy systems to protect against hardware, firmware, and software faults.
For a complete list of the physical and virtual security measures being implemented for Axcient Cloud security, check out the Axcient Cloud Data Sheet >>
Leveraging Security to Meet HIPAA Compliance Regulations
When MSPs partner with a security-first vendor, they get the opportunity to expand their services by targeting verticals that require industry compliance. Axcient has undergone strict audits to ensure compliance with various federal standards, including HIPAA, FedRAMP, FISMA, FINRA, and GDPR; plus, we’re SOC 2 certified. The Health Insurance Portability and Accountability Act, or HIPAA, was expanded through the Health Information Technology for Economic and Clinical Health Act (HITECH) and is one of the most prominent compliance standards in the U.S.
HIPAA requires businesses to implement a data backup and disaster recovery (BDR) plan that protects and mitigates the risk of electronic protected health information (ePHI), or individually identifiable health information, from being disclosed. As a HIPAA Business Associate under the law, Axcient has proven our ability to meet HIPAA’s data privacy, confidentiality, integrity, and availability requirements. While Axcient’s cloud and certain services running on the Axcient cloud meet HIPAA and HITECH obligations, MSPs need to understand that the responsibility of configuring Axcient services to meet HIPAA requirements within specific environments is that of the MSP and their client. Similarly, forming and enforcing HIPAA compliant policies is also the responsibility of the MSP and their client.
Using Axcient alone does not equal HIPAA compliance, but with Axcient, MSPs and their SMB clients can meet HIPAA standards for compliance. In our HIPAA Compliance White Paper: A Guide for Companies Using Axcient Services to Facilitate HIPAA and HITECH Compliance, Axcient provides an in-depth look at the minimum security baseline guidelines for each Axcient product: x360Recover, x360Cloud, and x360Sync. Using this guide, Axcient partners can configure product components to meet HIPAA and HITECH requirements quickly, easily, automatically, and affordably.
About the Author: Carissa Johnson // Product Marketing Manager, Axcient
Carissa Kohn-Johnson has a background in behavioral and physical healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular. She serves on the Information Services Advisory Board for her community and feels most at home with other technology-forward people. Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?
More Great Stuff From Our Blog:
Check out some other interesting pieces from our blog: More advances in Usability and Automation: hot new capabilities in automation and usability releases for AutoVerify, failback for Hyper-V, and Local Cache in x360Recover, or get the skinny on how we can offer unlimited data retention and storage with no complicated tiered pricing (Seriously!), learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR., we dove into how chain-based backup works and why chain-free is the way to be, we talked with Jason Phelps from Huntress Labs about planning for the next ransomware attack, and hear our CEO David Bennett explain why the current cybersecurity landscape means traditional backup is dead.