In the face of recent privacy legislation, even the smallest business must think about how to protect personal information. Add a number of complex, industry-specific regulations, and the weight of compliance quickly becomes a heavy burden to bear:
- Service Organization Control (SOC) reports for information service providers
- Health Insurance Portability and Accountability Act (HIPAA) for healthcare providers
- Payment Card Industry Data Security Standard (PCI DSS) in the financial services realm
- International Traffic in Arms Regulations (ITAR) in the military world
One way to lessen the load is to share it.
At MFG.com, one of the world’s largest online manufacturing marketplaces, demonstrating compliance is necessary to attract and support large enterprise customers. Companies sourcing and delivering components in the aerospace and defense industries, for example, must comply with stringent rules about where data resides and who may access it.
Faced with the very real prospect of having to say no to business, MFG.com started to look for co-location services in the United States to complement its existing facility in Switzerland. The top priority was ITAR compliance.
“If we couldn’t find an ITAR-compliant hosting facility, we would have had to source the equipment, hire the resources, and maintain everything ourselves,” says MFG.com CTO Jean-François Blachon.
- In the fall of 2013, MFG.com enlisted the help of Peak 10, a leader in IT infrastructure and cloud services.
- Peak 10’s compliance program is designed to help companies meet the requirements of various regulatory and industry standards.
- To maintain transparency, build trust, and safeguard the systems its customers depend on, Peak 10 undergoes rigorous annual examinations by independent assessors.
- It is also a certified Cisco® Cloud Provider and holds a Cisco Powered™ Cloud Infrastructure-as-a-Service (IaaS) designation, meaning its services are based on validated designs that use the Intel® Xeon® processor-based Cisco Unified Computing System™.
“We have a pretty deep bench of specialists who take a look at us,” explains David Kidd, Peak 10 director of quality assurance and compliance, cautioning companies to be wary of “thin” audits. “You can’t treat a third-party audit report as a checkbox item. You need to ensure that it has substance and depth, and addresses the areas you are concerned about.”
Rather than tying up valuable resources and relying on manual processes to meet regulatory requirements, users leverage Peak 10’s compliance expertise, freeing them to focus internal resources on core competencies instead.
“IT professionals are not lawyers or regulators,” notes Kidd. “It’s not their core competency to meet regulatory compliance. It’s just a necessary burden of doing business.”
After three months of planning and preparation, MFG.com moved its North American facility to a hybrid cloud solution hosted by Peak 10, managing both physical and cloud components on one unified network.
- By partnering with Peak 10, the company achieved both ITAR and SOC 2 compliance.
- At the same time, it reduced costs by as much as 30 percent and decreased its allocation of internal resources dedicated to compliance and security by half.
Being able to demonstrate compliance has led to an increase in activity from large customers, including the U.S. Department of Defense. Roughly 95 percent of MFG.com’s online marketplace traffic now travels through Atlanta. According to Blachon, one benefit of using a cloud services provider is the ability to scale performance as needed.
“Using a hybrid cloud system helps us on a daily basis,” he says. “If we have 10 times more traffic in our marketplace tomorrow, we just make a call and we’ll get new servers in minutes.”
Prior to moving to a co-location facility, MFG.com’s compliance program was largely a manual one, relying on annual security audits and dialogue with customers. Now, compliance is a shared responsibility that benefits from automation. For example, Peak 10 manages the ticketing system to monitor system availability and provide root cause analysis reporting when necessary, and Peak 10 partner Silver Sky provides ongoing security monitoring.
“Having a partner to share our compliance load is significant,” says Blachon. “There are many players on the planet providing hosting facilities. At the end of the day, our experience is built on trust.”