Choosing a Disaster Recovery as a Service (DRaaS) Provider: Part #2 - Cloud Security & Compliance Standards

Security is one of the most common concerns for businesses considering cloud backup. When you are unsure which security measures and compliance standards your business actually needs, it is hard to make an informed choice of provider. This post covers the compliance standards that matter most today.


What compliance standards matter to my business and how do they affect cloud security?

When evaluating the security of a cloud backup or disaster recovery provider, the first thing to establish is which compliance standards apply to your business and to the data you will be sending the provider. The three you will most often encounter are HIPAA, PCI DSS and SOC 2. Each covers a different kind of data and a different set of controls, so a provider that meets one does not automatically meet the others.

PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements for every organization that accepts, processes, stores or transmits cardholder data. If your backups or replicated systems contain cardholder data, the provider's environment falls within the scope of your own PCI DSS assessment, so ask for the provider's Attestation of Compliance (AOC) and confirm which services it covers.

The Payment Card Industry Security Standards Council (PCI SSC), founded by the major card brands, maintains and publishes PCI DSS and the related standards. Enforcement of compliance is handled by the card brands and acquiring banks rather than by the council itself.

HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) is the US law that governs the protection of sensitive patient data. Its Security Rule requires any organization that handles protected health information (PHI) to put administrative, physical and technical safeguards in place and to follow them in practice.

This applies to covered entities (CEs), meaning health plans, healthcare clearinghouses and providers that transmit health information electronically, and to business associates (BAs), meaning anyone who creates, receives, maintains or transmits PHI on a covered entity's behalf. Subcontractors of business associates must comply as well. A cloud backup or disaster recovery provider that stores PHI for you is a business associate, so expect to sign a business associate agreement (BAA) with them before any PHI leaves your site.

SOC 2: Service Organization Control (SOC) 2 is an attestation standard from the American Institute of Certified Public Accountants (AICPA) that evaluates the controls a service organization has over its customers' data, measured against the AICPA Trust Services Criteria for security, availability, processing integrity, confidentiality and privacy. A SOC 2 report is issued by an independent CPA firm after an audit. A Type I report covers the design of the controls at a point in time, while a Type II report also tests whether they operated effectively over a period, typically six to twelve months.

A SOC 2 report is not a certification and does not prove that a provider is secure; it is an auditor's opinion on the controls within the report's scope. Ask for the report itself rather than the logo, and check which criteria it covers, whether it is Type I or Type II, the period it covers, and any exceptions the auditor noted.

Throughout this three-part series we will go over some of the bigger questions companies face when deciding whether or not to move into the cloud. We will cover why your business needs a Disaster Recovery as a Service provider, the associated costs, and generally how to take advantage of DRaaS. Stay tuned over the next few months as we go over these topics in more detail.

Here at Virtual Systems, our virtual private server technology provides a secure, compliant infrastructure that is easy to scale in a matter of minutes. We are HIPAA, PCI and SOC 2 compliant. Our virtual private servers are deployed on VMware vCloud Suite, the industry leader in server virtualization. We are a VMware Certified partner, and our VMware Certified Professionals are specially trained to install, deploy, scale and manage VMware vSphere environments. We also offer offsite backup and VDI services that support any disaster recovery plan (DRP).