At the Peak of Cloud Compliance
P.J. Weidner, Peak 10 business development executive
Photography Daniel Smyth
Peak 10, an IT infrastructure solutions provider that offers cloud and data center services, has long counted helping customers navigate the regulatory landscape among its core competencies. The company, which operates data centers in key markets across the United States, stays on top of regulatory requirements that may impact its customers across a broad spectrum of industries.
“From the Health Insurance Portability and Accountability Act (HIPAA) to the Payment Card Industry Data Security Standard (PCI DSS), Peak 10 compliance experts and engineers are highly knowledgeable with regard to various compliance acts and regulations,” says P.J. Weidner, a business development executive for Peak 10’s Cincinnati operations. “They can help customers understand them, as well as help them to leverage Peak 10 services in order to meet many of the regulatory requirements.”
Weidner says that Peak 10 has always stood out from other providers because of its consultative approach, but that the company also realized early on that many of the IT infrastructure services it provides to customers are considered part of their operations and therefore part of their overall IT internal control programs.
“That’s why Peak 10 is committed to providing a transparent view of our policies and procedures,” he says. “We go beyond the requirements in our industry to maintain a well-governed, high-quality infrastructure. By ensuring that we provide the necessary security controls and documented processes to meet a number of regulatory requirements, we can help ease the burden on our customers that are subject to these compliance regulations.”
Every year, Peak 10 undergoes rigorous audits by an independent firm specializing in attestation and compliance services. In the past year, the company has successfully completed independent examinations under the SSAE 16, ISAE 3402, PCI DSS, and AT-101 audit standards. It is among a select number of cloud and data center services providers that can provide SOC 1, SOC 2 and SOC 3 reports, which can be used to address a number of regulatory requirements including those related to Sarbanes-Oxley.
In addition, Peak 10 is certified under the U.S. Department of Commerce Safe Harbor Program, known as the U.S.-EU Safe Harbor Framework (or “Safe Harbor”).
This certification gives Peak 10 customers and their end users confidence that the firm is meeting the required criteria for preventing accidental disclosure or loss of personal data collected from EU citizens.
Peak 10 is also a Certified Level 1 Service Provider under PCI DSS 2.0, which means that all processes and components under the control of Peak 10 are PCI DSS compliant – something of increasing importance to the large number of companies that are required to adhere to the security requirements outlined by the payment card industry for handling credit card information.
According to Andrew Cole, a solutions engineer for Peak 10’s Cincinnati operations, it is the company’s emphasis on high-level security protocols that enables it to continually meet increasingly stringent compliance requirements and ensure the integrity and security of its customers’ critical IT assets.
“One of our primary goals at Peak 10 is to protect the data entrusted to us by our customers as best we can,” Cole says. “That entails protecting our internal systems both physically and logically. We adhere to several industry best practices in an effort to elevate that protection and ensure our customers’ data is safe.
“As part of our standard security measures, Peak 10 employs multi-layer protection and data access limitation. Features include antivirus management, vulnerability scanning, a secure audit trail and resource tracking along with around-the-clock technical support by comprehensively trained Peak 10 staff to maximize uptime and availability and to enhance security.
“Gone are the days when a simple firewall was sufficient to keep things safe,” Cole continues. “We employ services that elevate the security of the environment in which our customers’ data resides, like using a firewall in conjunction with an Intrusion Detection and Prevention System (IDPS) appliance to ensure that what is coming into the environment is doing so only on approved ports.
“Once the data is inside, the IDPS ensures that the data that came in acts in the way it should. Ensuring you are using SSL Encryption wherever possible, multifactor authentication to access the data and monitoring the log files to look for suspicious activity are all additional things to consider in an effort to provide a more secure environment.
“No company wants its name to be plastered all over the media because of a data breach. It is embarrassing, damaging, and very expensive,” Cole concludes. “Much of what regulatory requirements specify are controls that can help keep data secure, so it’s in companies’ best interest to adhere to the requirements and work with companies that can do so as well.”