Archive for the 'Hosting Industry' Category

Up and to the Right: Layered Tech advances in Gartner Magic Quadrant

Gartner recently published the 2013 edition of the Magic Quadrant for Managed Hosting which included Layered Tech. Since our first inclusion in 2010, Layered Tech has significantly increased our ranking and position with respect to completeness of vision and ability to execute. We have consistently moved up and to the right.

To be considered for the Gartner Magic Quadrant for Managed Hosting, providers must deliver on-demand, enterprise-class managed hosting services, have a presence in multiple North American metropolitan areas, and be among the top 15 North American providers by market share. Gartner’s quadrant-based categories rate providers by “vision” – the ability to anticipate and meet customer needs – and by service-delivery excellence, based on customers’ experiences.

I have worked closely with Gartner over the past few years to help them gain deeper insight into our business, our clients, the workloads we serve and our significant differentiators. I have introduced Gartner to many of our staff and clients, to help them understand our unique abilities. As a result, the latest Gartner ratings show rapid ascension for Layered Tech along both the vision scale and the service-execution scale.

Simplifying Complexity and Reducing Risk

As one of the more focused and intimate managed hosting service providers in the Magic Quadrant, Layered Tech is recognized for its ability to manage complex hosting needs with stringent security and compliance requirements, as demonstrated with our strong SLA and compliance guarantee. Managing complex web applications and helping to achieve and maintain security or compliance objectives is a key focus of the Layered Tech business. Our ability to help clients reduce the risk from security threats and to completely achieve compliance with respect to the IT controls is a significant differentiator.

Gartner also recognized our strength and commitment to automate service delivery and change within the ITIL-based change-management framework. This is core to our ability to deliver a high quality of service to our clients.  The Layered Tech automated workflow introduces check points to mitigate change risks, automates operations and improves communications.

Compliance Expertise Recognized

Last year’s Gartner report noted that Layered Tech is one of the only providers capable of delivering comprehensive PCI and HIPAA-compliant hosting services for the electronic payment and healthcare markets. This year’s report cites Layered Tech’s expansion into the federal government FISMA compliance market as a new company strength. I would add that we also perform extremely well with SaaS/ISVs, eCommerce and Media.

We think Gartner has done a great job of highlighting some critical strengths and key target markets for Layered Tech. We will continue to drive upward momentum as we work to find new ways to serve customers and anticipate their cloud hosting and compliance needs.

About the Author: As Vice President of Product Management at Layered Tech, Kevin Van Mondfrans (@VANMONDFRANS | +Kevin Van Mondfrans) is responsible for driving the Layered Tech portfolio of infrastructure as a service (IaaS) and managed service offerings. With more than 20 years of experience in product development and marketing, Kevin has been delivering innovative computing, storage, cloud and service offerings with companies such as HP, Dell, and Savvis.

Blog Series: Reducing Risk with PCI-Compliant and Secure Community Clouds, Part III

By Jeff Reich, Chief Risk Officer, Layered Tech

In parts one and two of this blog series, we’ve examined how community clouds are viable environments for PCI compliance, and in this segment we will explore how security is instrumental in guarding against data breaches.

Make security a priority in your community cloud

Many believe that PCI compliance alone will keep mission-critical data safe, but that is actually not the case. Almost every credit card data breach in the last five years has occurred in a PCI-compliant environment. This powerful statistic reinforces the fact that although compliance is required for success, it is “table stakes” as opposed to effectiveness. The data in your community cloud is only as protected as the amount of security you apply to it, so it is critical that businesses invest heavily in security.

This doesn’t mean that PCI compliance should be ignored. Rather, security measures should work in tandem with compliance efforts, and in all actuality, PCI compliance should be considered as a subset of security. Keeping that in mind, organizations must make risk-based decisions that embrace compliance while also addressing practicalities and technical capabilities in order to establish a secure community cloud.

In addition to assessing the practicalities of achieving compliance, organizations must acknowledge that compliance is maintained by viewing it as a necessary, daily process, not as an annual project that must be completed to pass an audit or test. Treating it as an annual project will defeat the purpose of attaining compliance in the first place, and it will open up your business to a variety of security threats. To “raise the bar” beyond simply establishing compliance, companies should consider several security components, including social engineering, patching, system interfaces and the scope of administration rights, and should routinely identify system vulnerabilities to ensure a fully secure environment. Some of these components can be addressed with automated security checks, while others require human interaction, which is why good security is part art and part science.

Security and compliance are no more difficult in the community cloud

The security concepts mentioned above are vital elements that help determine whether a company chooses to leverage the community cloud or a different hosting environment. Despite common misperceptions, it is no more difficult to be secure or PCI-compliant in the cloud than it is in a dedicated hosting environment. The essence of any security plan is in taking the necessary precautions to make sure that data is kept under strict control. The 2011 Verizon Data Breach Investigations Report states that the cloud does not really factor into many of the breaches they investigate because they have yet to encounter a breach involving a successful exploit of a hypervisor allowing an attacker to jump across VMs.

In terms of PCI compliant hosting, not all cloud providers are created equal. Some hosting providers offer cloud environments with all the tools needed to secure a company’s data but leave the management of incident response to the customer. This opens the door for important security measures, precautions and standards to go unnoticed or overlooked, increasing the risk of a security breach. To avoid this danger, businesses should confirm that their third-party cloud vendor will go beyond simply ensuring PCI compliance by conducting regular checks to safeguard critical data.

Layered Tech handles all of the IT controls (about 80 percent of the total criteria) associated with PCI compliance, and our dedicated security experts know how to achieve the utmost security for any environment. By working with an established, global provider of compliant managed hosting services like Layered Tech, companies can offload complex compliance requirements, avoid potential risks associated with non-compliance and most important, focus on their business rather than their cloud infrastructure. To learn more about Layered Tech’s services, please visit our website or send us an email.






About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO | +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.

Blog Series: Reducing Risk with PCI-Compliant and Secure Community Clouds, Part II

By Jeff Reich, Chief Risk Officer, Layered Tech

In the first installment of this series, we looked at the scale at which companies are experiencing data security breaches and how PCI compliance can help businesses overcome these issues. In this installment, we’ll examine how community clouds are emerging as an alternative environment for companies looking to achieve PCI compliance and robust security while also reaping benefits including reduced overhead.

The 1, 2, 3’s of securing data and achieving PCI compliance

Many technology security experts agree that securing company and customer data involves three steps: 1) identifying which data is critical and therefore needs to remain secure; 2) implementing the controls needed to protect that data; and 3) validating those controls. As simple as this may seem, one misstep can result in not achieving PCI compliance, opening the door for highly damaging data breaches to occur. For example, Verizon stated in its 2011 Data Breach Investigations Report that of the 761 data breaches it examined, more than 95 percent could have been avoided through simple controls.

By contracting with a PCI-compliant managed services provider, companies are able to put their security concerns in the hands of experts who stay up-to-date on security requirements and ensure that PCI compliance is maintained.  Managed hosting providers like Layered Tech make certain that regular monitoring occurs, audits run smoothly and all data is as safe as possible, allowing companies to focus resources on their businesses and customers.

Community clouds as an alternative

Community clouds are becoming a popular hosting environment option because they offer many advantages, including lower costs and more flexibility.  By utilizing community clouds, companies avoid expensive upfront hardware costs and don’t have to worry about the additional expenditures associated with hardware updates and maintenance.  In addition, companies with fluctuating data requirements can easily increase or decrease the services they receive and only pay for services used at any given time.

Community clouds also provide companies with “hidden” benefits.  For instance, if a cloud provider notices targeted malicious activity against one company, it can take actions to prevent the attack or similar attacks from affecting other companies.  Experienced cloud providers will place businesses with similar security needs and services on the same server to use the same pool of resources.

A hosting provider’s experience and expertise in the community cloud should be an important factor when selecting a vendor. Layered Tech pioneered virtualized and PCI-compliant environments and has years of accumulated experience in designing, implementing and hosting in the cloud. To learn more about Layered Tech’s services, check out the compliant hosting and cloud hosting information on our website or send us an email.

In the final installment of this blog series, we will explore security in the community cloud and explain the importance of security and how PCI compliance doesn’t necessarily ensure that data is secure.

Image credit: Kirsty Hall







Blog Series: Reducing Risk with PCI-Compliant and Secure Community Clouds

By Jeff Reich, Chief Risk Officer, Layered Tech

It seems almost daily a new report emerges detailing how a company suffered a data security breach, resulting in the release of sensitive data for hundreds of people.  To help guard against these attacks, companies can become PCI compliant, but it is not an easy goal to achieve and does not guarantee complete and total security.  As an alternative, community clouds provided through third-party resources like Layered Tech offer security options and a path to compliance without the cost and labor issues present with in-house systems.

To better understand these issues, this blog series will explore the hazards data breaches present and how, even with its challenges, PCI compliance and added security can help protect companies.  Additionally, the series will discuss how leveraging a community cloud provides companies with added benefits, such as scalable infrastructure, flexibility and availability, all in a cost-effective manner.

The real risk hackers pose

In today’s business environment, data breaches are no longer disasters that happen to other companies, nor are they an issue that only plagues large enterprises. These adverse events can affect small- and medium-sized businesses that have made the leap to computerized systems and digital records.

Hackers are becoming more sophisticated and are able to employ several different tactics to retrieve information, such as exploiting backdoors and using spyware, forcing companies to focus on every aspect of security. Instead of just looking for credit card and social security numbers or personal data, such as birthdates, hackers are increasingly stealing online banking login details. According to Verizon’s 2011 Data Breach Investigations Report, the U.S. Secret Service arrested more than 1,200 cybercrime suspects in 2010 who were connected to more than $500 million in fraud loss.

PCI compliance helps but includes challenges

All companies that accept credit card payments, either online or offline, are required to take steps to secure customer information. One way companies can accomplish this task is to become PCI compliant, meaning that the organization meets certain criteria throughout the security process, including prevention, detection and response, as set forth by the PCI Data Security Standard (PCI DSS). These standards, developed by the Payment Card Industry Security Standards Council, provide a range of requirements based on a company’s size, its type of business and the number of credit card transactions it handles. (Want to know more about PCI DSS? See the helpful PCI DSS resources available on our website.)

The strictness of these requirements, however, can make it difficult for businesses to achieve compliance.  Verizon’s Payment Card Industry Compliance Report for 2011 states that only 21 percent of the companies assessed were considered fully compliant.  Additionally, even though PCI-compliant companies are safer and less likely to encounter a breach, PCI compliance does not guarantee complete security of data.  Additional security measures, including but not limited to patching and system interfaces, must be taken.

Many companies leverage PCI compliant hosting and managed services from providers like Layered Tech to take advantage of its security, compliance and cloud expertise.  With this approach, organizations gain all the benefits of a hosted IT infrastructure but without the headaches of owning and maintaining hardware.  In addition, you can dedicate your resources to what matters most: your business and your customers.  To learn more about Layered Tech’s services, please visit our website or send us an email.

In the second installment of this blog series, we will discuss PCI compliance and security in community clouds and how this environment can provide businesses with unprecedented processing power, bandwidth and storage capacity, without the burdens of capital expenses and IT staff overhead.

Image credit: Mikael Altemark







Brad Hokamp Interview with Light Reading

We were recently approached by Light Reading, one of the most widely read IT publications in the industry, to do an interview on Layered Tech’s approach to cloud computing services.  Naturally, we obliged, and our president, Brad Hokamp, sat down with Light Reading’s editor, Phil Harvey, to discuss the results our clients are achieving with our managed compliant cloud solutions:

  • Control costs more effectively – with a cloud environment, customers can build/repurpose infrastructure towards normal loads of traffic and then use cloud for peak capacity management
  • Drive revenue growth and increase agility as a company – allows companies to bring on their customers more rapidly, load applications quicker, etc.
  • Innovate and launch products much faster – leading to faster return on investments

Security and compliance concerns have often kept businesses from migrating to the cloud, but a private cloud or even hybrid/community cloud architecture of the kind that Layered Tech regularly deploys for its clients has demonstrated time and again that data and transactions can be secure enough to meet even the strict requirements of PCI DSS.

The full interview is available as an audio podcast at LightReading.com and as a slide presentation summary on SlideShare.net.