Submitted by Alex Teu on June 11th, 2009
This may sound like the beginning of a lame joke, but... did you ever hear about the story of the woman who bought her elderly mother a new mattress and after throwing out the old mattress, the mom remembers that she had stashed in her mattress $1 million cash? That's exactly the what I heard this morning on the radio as I was driving to work this morning.
This reminds me of the businesses that come to LeapFILE to solve their longstanding file transfer problems but have reservations about allowing a 3rd party provider manage their corporate data. The common refrain is that they have always had their applications running inhouse, and do not want data leaving their corporate network. Of course, data is already leaving their corporate networks every day to the world wide network known as the internet, but we'll put this little fact aside for now. I then explain that businesses from the most regulated industries -- like banks, accounting firms, financial services firms, and health care providers -- come to LeapFILE BECAUSE of data security. In addition to securing customer data with encryption, document expiration controls, file deletion policy setting, and audit trails, LeapFILE houses customer data in a data center facility that is operated like Fort Knox.
Physical Security includes the following:
• Data center access limited to Rackspace data center technicians
• Biometric scanning for controlled data center access
• Security camera monitoring at all data center locations
• 24x7 onsite staff provides additional protection against unauthorized entry
• Unmarked facilities to help maintain low profile
• Physical security audited by an independent firm
More importantly, for securing a customer's peace of mind, our data center is SAS 70 Type II certified.
SAS 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (
AICPA). When an organization has been so certified, it means that an independ
ent service auditor has conducted an in-depth audit of controls over information, information technology and related processes. A Type I report describes controls at a specific point in time, whereas a Type II report covers a specified period of time. You'll want to make sure it's Type II.
SAS 70 was already made significant by the financial reporting requirements of Sarbanes-Oxley Act of 2002, which itself resulted from the Enron meltdown. SAS 70 will become even more critical as more and more enterprise move more of their applications to the cloud.
Now back to the mattress story. Was she better off hiding money in her mattress or depositing in an interest bearing account with a bank that employs armed guards and utilizes the latest surveillance and security technologies? Similarly, would a corporation be better off housing sensitive customer data on its own premises with questionable or lack of security and controls (think: cleaning people sweeping under the server rack); or housing data in Fort Knox?
In today's world of data breaches and virus outbreaks, the chances for a happy ending are maximized when data is housed in a secure, SAS 70 certified data center.
