From Legacy to Leading Edge: A Guide to Data Center Migration

Physical Security Dynamics: Security poses a significant challenge for internal data centers, encompassing both physical and logical realms. The physical security aspect demands a nuanced strategy, often intertwining with compliance standards dictated by industry, customer base, and data components.

Let's start with the physical. Numerous tactics contribute to a robust physical security strategy, aligning with compliance requirements:

• Surveillance cameras
• Biometric scanning
• Multi-factor authentication
• Entry and exit monitoring
• Thick concrete walls

Logical Security Challenges: Logical security, spanning various practice areas from network to information security, presents its own set of challenges. Technical debt, an often underestimated risk in on-premises data centers, arises from vulnerabilities in older systems and legacy applications, posing potential threats to data integrity.

Mitigating Risks with Reliable Partners: Collaborating with a trusted partner, whether for colocation space, cloud services, or a hybrid approach, proves instrumental in risk reduction. However, the level of responsibility assumed by data center vendors varies. It is crucial to conduct a thorough evaluation to understand the included or purchasable physical and logical controls.

Ownership of Data Security: Despite a provider's security offerings, it's imperative to recognize that the business retains 100% responsibility for its data at all times—a common misconception among data center customers. Evaluating external support requires a meticulous assessment by security personnel to ascertain the extent of controls available or offered as a service.

Managing a data center environment is no simple feat. With intersecting IT practice areas, expensive engineering talent, and complex data ecosystems – it's no wonder 54% of data center respondents reported staffing and organization as their top concern. 

Data center migrations to a dedicated provider mitigate these issues, as they house technical experts, diverse ranges of IT professionals, and data center specialists. Additionally, you'll no longer have to spend time and resources sourcing specialized engineers and facility staff for monitoring data storage. Data Center as a Service, or DCaaS, offers these advantages. Check out this article on DCaaS to learn more. 

Throughout the data center migration planning phase, compliance should be top-of-mind. The list of standards, guidelines, and regulatory bodies is exhaustive – not to mention critical. 

Typically, healthcare organizations, financial institutions, and tech companies face the most rigorous compliance standards. Let's explore which compliance standards these industries will face. 

SSAE 18 (Statement on Standards for Attestation Engagements)

SSAE 18, governing internal controls over financial reporting, ensures transparency in business and compliance interactions. Particularly vital for service organizations, it is typically reviewed as part of a SOC 1 report.

SOC Reports

Service Organization Control (SOC) is a prevalent measure of data center security controls. There are two forms of SOC audits, Type I refers to the effectiveness of security controls at a specific point in time. Type II audits will evaluate the effectiveness of security controls over a set period of time (typically 6-12 months). 

• SOC 1: This assessment evaluates the effectiveness of a service organization's internal controls concerning financial reporting, aiming to safeguard client data.
• SOC 2: Conducted through an audit, SOC 2 scrutinizes internal controls pertaining to security, covering aspects such as data availability, confidentiality, privacy, and processing integrity.
• SOC 3: Resembling SOC 2, SOC 3 verifies the adequacy of internal security controls. However, it differs by providing a report that doesn't disclose specific details about the organization's systems. Unlike SOC 1 and SOC 2, SOC 3 reports are public-facing, serving as a means for potential customers to gauge compliance without divulging mission-critical or proprietary information. Notably, SOC 3 reports do not have designated Type I or Type II classifications.

ISO/IEC 27001: 2013 (International Organization for Standardization/International Electrotechnical Commission)

Integral to risk management involving private and sensitive data, ISO/IEC 27001 assesses how well an organization identifies risks, addresses access and authentication vulnerabilities, and provides ongoing training to ensure customer information security.

HIPAA/HITECH (Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health Act)

Designed to protect personal health data, HIPAA/HITECH is crucial for the digitized healthcare industry, covering PII and ePHI. Specific attestation for this compliance standard is AT-C 105 & 205.

PCI DSS 4.0 (Payment Card Industry Data Security Standard)

Imposing strict controls on handling personal financial data in electronically processed credit card payments, PCI DSS 4.0 is essential for any entity processing credit card payments or storing financial data electronically.

GDPR (General Data Protection Regulation)

As a comprehensive data privacy and security law, GDPR has been impacting organizations conducting business with EU and UK citizens since 2018. It grants EU citizens the right to control their data handling, including notification when data is collected and the "right to be forgotten." Data centers must facilitate access to data for EU citizens and adhere to data security requirements globally.

The consequences of regulatory non-compliance are incredibly steep, even post-GDPR. Look no further than the costly repercussions of these breaches: 

• Amazon: $877 million GDPR fine
• Zoom: $85 million settlement 
• Netherlands Tax & Customs Administration: $4 million GDPR fine 
• WhatsApp: $244 million in combined fines from GDPR and the Irish Data Protection Commission 

Perhaps the most predictable aspect of any network infrastructure is the unforeseen disruptions. From natural disasters and inclement weather to power outages, human error, or tech failures – data centers can't afford downtime. According to Uptime Institute, over 60% of failures resulted in $100K or more in total losses, with 11-15% of outages causing upwards of $1M. 

And these aren't isolated incidences, with well over 80% of data center managers stating that they've experienced some sort of outage in the last three years. Why would this affect data center migration strategies? Well, choosing a data center location that's immune to natural disasters eliminates that risk. However, choosing a qualified data center migration destination with existing infrastructure, compliance certifications, redundant systems, and diverse power/network systems is a surefire way to protect your data storage. 

Piggybacking off the Expertise & Technical Skills section, access to managed services and even remote hands is another contributing factor for data center migration. Migrating to a new data center means access to new IT assets, improved racking and stacking equipment for firewall maintenance, proper expertise, and scalable infrastructure. 

Even if during the data center migration process, colocation, cloud, or even hybrid cloud options become a reality – managed data center services are typically attached. The trajectory of data centers is to offer a more holistic solution. 

Businesses grow, which means data centers should too, right? Eventually, organizations reach this conclusion one of two ways. Either they're outgrowing their existing physical infrastructure or it's become abundantly clear that their data center real estate could be better utilized for core functions. These could include expanding accommodations or resources for existing and new staff or expanding business-related critical infrastructure. 

Less vital assets can be offloaded through colocation, while primary data migration can move to a dedicated data center. Off-site data centers offer incredible flexibility, customization, and resources to prevent overextension and optimize existing real estate. 

For many organizations, energy efficiency is a green initiative or an afterthought. For data center managers, it's a massive motivator for data center migrations. 

Power efficiency considerations vary across businesses, with distinct needs for a data closet versus a comprehensive data center facility. Whether procuring fans for server room cooling or implementing overhead power and cooling systems, the intersection of power efficiency and cost becomes a pivotal concern.

The intricacies of modern HVAC technologies demand specialized skills for effective management. The complexity escalates with a more sophisticated physical environment, necessitating increased equipment and expertise.

In the contemporary landscape, businesses seek to consolidate environments while upholding stringent SLAs and cost-effectiveness. Achieving power-related objectives proves challenging when constructing and operating an in-house data center.

Top-tier data center facilities seamlessly incorporate power and cooling solutions into their offerings, aligning with IT budget constraints. Many providers are at the forefront of integrating innovative, high-efficiency technologies to deliver additional cost savings to customers – a major motivator for data center migrations. 

Data center maintenance is one thing, but ensuring that your data center is equipped for tomorrow is another. Updating an existing data center is incredibly time-consuming, resource-exhaustive, and expensive. 

The truth is that it doesn't make sense for the majority of organizations to house data, especially when there are reliable providers ready with data center migration plan opportunities, physical data centers, and future-forward infrastructure. 

We've all heard the term digital transformation time and time again, and for good reason. No company can hope to excel in the modern environment without embracing this truth. It's all about agility, preparedness, and digital strategies. This is a tough ask for companies with in-house data centers, as they can be a vacuum for IT resources.