Securing colocation, it’s easy, right? Just provide rack space, power and an internet connection, and your customers will host their infrastructure and applications there and do the rest. Except it’s not that easy. Not when you factor in the cloud, outsourcing, business processes and data privacy regulation.
The hard-fact is that any service provider who thinks secure colocation is easy won’t be providing services for much longer.
Whether its colocation, contact center as a service, or anything in between – there’s are two inescapable truths:
- Customers don’t move to hosted environments to do what they’ve always done in their data centers or with their own infrastructure.
- Customers need you to be the strongest link not a point of failure when it comes to data security.
The name of the game is “value add” not a commoditized, low touch service.
Yes, customers want you to free them up to run a business, not a datacenter, but that’s just the start. They want you to assume some or even all responsibility for operating their contact center infrastructures. They expect you to become an integral part of their value or service delivery chain. They look for reliability and service levels, data protection and security. They rely on you for capacity and budget planning, innovation and new offerings.
It won’t just add up to closer relationships, but higher margins. Do well and your customers will incentivize you. Be poor and you could see hefty penalties. It all comes down to one thing: customer confidence. And this is driven by the way you make colocation secure.
So how do you better secure colocation? Here are 4 thoughts:
First, ensure the technology stack and operations environment are fit for purpose.
Second, put a greater focus on effective cybersecurity infrastructure and processes and SLA management.
Third, step change data protection to meet the wave of new regulation like the EU GDPR, the California Privacy Act (CCPA) or the Singapore Personal Data Protection Act (PDPA). The new reality is that suppliers as part of such services must also take on key legal responsibilities, for example as “data processor” under GDPR.
And fourth, recognize the new wave of cybersecurity. When it comes to colocation or hosted operations you must go beyond the traditional defensive security infrastructure of firewalls and anti-virus. Where do you start? I’d begin with the next generation of packet capture tools. Why?
- They can provide effective intrusion detection
- They enable evidence gathering, compliance and effective mitigation and post-incident analysis
- They can be effectively combined with active defenses such as “honeypots” and they provide effective integration into forensic analysis platform.
With the average time between a breach occurring and detection of around 6 months, packet capture is a powerful element in an effective defense perimeter. It allows operators to fully understand the scale of any security or operational incident. It enables them to take effective corrective measures. And it also provides evidence: not just of a possible incident including possible data extraction or SLA breach, but also provide actual evidence of compliance where needed.
For all these reasons, packet capture provides an effective operational toolset as well as an insurance alike.
Service providers who see colocation through a security lens and not just a space, power and connectivity lens will build customer confidence, create additional services opportunities and most importantly, loyalty in a fast-commoditizing marketplace.
The trick is a well-designed and executed approach and a pre-occupation with “value added services”. Adding value means providing customers with confidence and actual evidence that they are in good hands in addition to protecting the service providers business and reputation.
At the heart of this is a modern cybersecurity perimeter that has to include packet capture. But that’s only the start. There are additional active and advanced security technologies that can increase your value proposition.
To learn more about these see our webinar on a “no-nonsense cybersecurity approach” presented by Sean Mc Allister, former Technical Director of Cybersecurity of a number of US government agencies including DISA, NSA, the Pentagon and others.