Stream Data Centers Articles

Putting the ‘Pliant’ in Compliant: How Flexibility Takes Security to the Next Level

When we think of the data center, we normally think of something that is robust, sturdy and resolute. Everything is by the book. Barriers are everywhere, and they serve to keep all IT systems protected from any potential issues. Of course this is how we imagine the data center environment — it’s a highly regulated, very delicate and extremely important place that protects and serves IT.

When we think of information security and data center compliance, it’s hard to conceive of it being something flexible — but it’s time we not only start believing that it can be, but seeing how it actually makes compliance methods stronger by remaining agile and open to optimization. In truth, flexible does not mean flimsy. Knowing where to place the most rigorous, immovable standards and where to create room for adjustment is key for getting the very best of data center compliance, and it’s not a balance that every provider is ready to — or knows how to — strike.

Let’s take a look at some of Stream’s top compliance and information security philosophies and how they serve our customers with the right balance of firm and flexible.

Compliance is a 2-Way Street
It is and always will be the data center’s responsibility to deliver the utmost security and compliance for customer deployments. But to achieve a truly optimized and protected environment, we believe we have to recognize that we’re not the only ones that have to be compliant. When a customer procures data center space, they aren’t trusting that provider alone. They’re also trusting that provider’s entire supply chain, making the data center a proxy for the security of its entire ecosystem of procured equipment and services.

That’s why we do our customers the favor of extending that responsibility to each and every one of our vendors and suppliers, ensuring a well-vetted and compliant supply chain — not just a compliant data center. This is one of the ways in which we run a tight ship and make sure our customers don’t ever have to worry about accidental cross-contamination at the compliance level.

Stream implements rigorous standards and controls for our partner companies and providers, including making sure every individual at a partner company who requires logical access to our facilities signs an NDA on the personal level in addition to the one we implement on a corporate level. We also carefully dictate how partners and providers can connect to the Stream network and operate within our data centers, with multiple levels of authorization. In addition, we impose annual background checks for anyone at our partner companies who has access to our facilities, contrary to the industry standard of a single background check upon hiring.

Make the Standard Fare Mean More
As a data center provider with 90% of its inventory leased to Fortune 100 customers, we’re held to the highest standards by a host of some of the country’s largest businesses across a range of verticals. That means customers with unique compliance needs across the social media sector, healthcare, finance and beyond. This is where a highly secure and robust framework that allows for flexibility comes into play.

For us, the ISO framework allows us to be very flexible in a multi-industry environment without sacrificing any compliance capabilities. In fact, ISO compliance isn’t a mere checkbox — it’s a cyclical, ongoing practice built on planning, doing, checking and optimizing in perpetuity, a 360° operational method. So, we’re continually adding new controls for new threats as they arise (and as we continue to study the threat landscape with our internal preparation, complete with penetration tests, ‘lessons learned’ sessions, scenario-based exercises and more). This framework keeps us empowered and on the move so that all of our customers can entrust their data to a system that is always working and improving to their benefit.

Take Everything Personally
We believe that open communications beget closed gaps. That’s why Stream’s dedication to close partnerships and great client relations isn’t just something we like to talk about, it’s an actual cornerstone of everything we do. That includes information security and compliance practices.

Does your data center provider know your team by name? If you ask our customers, a lot of them would say yes — and that’s on purpose. We always like to maintain close relationships, especially at the compliance level. Being on a first-name basis with compliance auditors and information security employees makes it easier for us to keep an open dialogue and be more agile and responsive as a result.

Picking up the phone and actually performing check-ins isn’t just to keep us all feeling warm and fuzzy. It serves us in the event of zero-day threats, or even just day-to-day questions or concerns. A great network and a consistent level of insight into our customers’ needs mean that we don’t have to be bogged down by paperwork when action is needed.

We are also responsive to customer requests, even if they’re unique or off the beaten path. For instance, we’ve had customers want to collaborate with us on tabletop exercises (security incident preparedness tests that are a regular part of our protocols), and we’re all for it. Many might not let their customers into that sphere, and many customers might not even feel comfortable enough asking their data center provider to do this. In many cases, there might not even be a person to go to with that question in the first place. At Stream, however, we’re always open to finding new ways to make our customers feel part of the process, because that’s what builds even more trust. Plus, every added insight makes our compliance capabilities even better.

Treating customers like collaborators means we can cut out the bureaucracy and actually protect IT in a flexible, meaningful, effective, personal and consultative way. That approach will never change.

Life on the Extra Mile
It’s a sad truth that a lot of these detail-oriented practices go unaddressed at many companies. At Stream, we have a team built from people who have come from diverse backgrounds (from service providers to companies that help measure compliance and more), so we understand how to bring all of these sides together to create an absolutely airtight approach. We’ve seen how the best and most necessary strategies can be skirted, and that makes us even more compelled to go above and beyond.

We don’t just study to pass — we study to learn, improve, stay ahead and ultimately succeed to the fullest extent on behalf of customers. This means that we don’t merely do what audits require. We analyze and assess to determine what it actually takes to create the best compliance and information security practices in the industry, and then we put it into action.

We do it by the book and then some, because we understand that no set of industry standards can ever cover all the possibilities the real world throws at us.

About Our Contributor

Ron Chandler

Director of Information Security & Compliance
Ron directs the information security and compliance protocols for Stream Data Centers, ensuring critical services and customer data remain thoroughly safeguarded against any potential threat.