
At the Crossroads of Enterprise & Compliant Hosting

September 25, 2010 by Jon Greaves

The hosting industry is often viewed through two lenses - “who” service is delivered to vs. “what” is being delivered. But the most common way of segmenting hosting is “mass market” and “complex hosting”. With the ever-increasing number of providers of hosting services and the explosion of cloud computing providers, it feels like the industry is really looking for more granularity when it comes to describing itself. In the early days, it used to be very easy: you either offered colo or managed services. Now, with the lines being blurred and cloud somewhat making both terms irrelevant, a new segmentation is needed.

If you ask me how I would describe Carpathia Hosting, I would describe our services as these two lenses - Enterprise Hosting and Compliant Hosting.

Enterprise Hosting

Our typical enterprise hosting customer is running mission-critical compute environments. Sometimes the mission is the company’s revenue-generating business; other times the mission could be something as important as national security. We see enterprise as being a type of hosting and not necessarily describing the size of the customer – i.e., Fortune 1000 company, has X number of employees, etc. Our services and delivery are optimized to provide this type of hosting. If we were to revert to old terminology, it would most closely match “complex hosting” that typically requires a high degree of customization and specialization in the services delivered to customers.

Compliant Hosting

I would argue that Carpathia is one of few (3 or 4 tops) companies that have the rigor in process to really claim this space. So what sets us apart from the others? It’s probably best described by WHO we deliver compliant hosting services for.

A large constituent in this area would be our government customers. For a government system to be connected and in production, it must achieve Authority to Operate (ATO), meaning that the Agency’s security team and CIO have reviewed the operational controls in place against the government computing standards (most often DIACAP or FISMA) and through a rigorous audit process “blessed” the system ready for production.

We measure success in this particular discipline by the number of ATOs we have. At last count, we have ATOs with 26 different government agencies (some with multiple systems, each with their own ATO hosted with Carpathia). Outside of the government vertical, PCI, HIPAA, GLBA and SOX are the other dominant compliance standards and guidelines we work with. Each has its own set of controls and frequency of inspection. For customers delivering healthcare solutions to the government, for example, we have another intersection of HIPAA and FISMA/DIACAP to consider.

Not all customers have compliance requirements that are generated by an external body.  We have many customers who have created their own information security policies - often based on existing standards such as ISO or NIST - and hold these up as a requirement for service.  We also support these requirements and are often very involved in helping customers define them.

The way we go about delivering compliance is the same no matter where the requirements have been defined.  We hold ourselves accountable to our own policies that are also a superset of government and commercially published requirements. We then map these back to relevant requirements within each published standard.

With close to 10 years of experience delivering “compliant” hosting, we can say that compliance is truly in Carpathia’s DNA.

I can think of no better endorsement for our capabilities than references from our customers.  Today we have launched a number of case studies, customer references and white papers that really dig into the next level of detail in compliant hosting. Here’s hoping our analyst friends consider compliance as another view on the hosting industry.

Sandra
Posts: 53
Comment
xfQSfYMxjzVQBO
Reply #53 on : Thu January 31, 2013, 13:35:05
I'll be the first to admit that patient safety is way overplayed in my opinion by vendors and standards bodies, just like how half of the media seem unable to lead with an error-based story that doesn't cite somewhere the IOM's 1999 report 'To Err Is Human.' I would tend to agree that most such claims can't touch a direct care issue like patient safety (as in: wash your hands longer and more thoroughly) and quantifying such claims is hard. I feel I need to point out that Loftware does not represent GS1, we have no special insight into the thinking of any member of the GS1 staff nor the group as a whole, nor do we speak for GS1, nor were we involved in the creation of that document in question. Wow, a lot of nor in that sentence. We're trying to bring to light some serious labeling issues coming down the GS1 highway for vendors everywhere. You can't sell to Turkey if you don't support GS1 labels today; same with half of Canada, Japan and several other countries. Come sunset date, you may not have a medical device business if you can't do GS1 labels. I would strongly urge you to visit the GS1 Community Room and ask that question about patient safety. As to your last paragraph, yes, our focus is on the supply chain advantages (where most of the labeling occurs). So that's what we've been on about. And will continue to be on about. You did give me an idea for a slightly off-topic three-part briefer on the lowly and misunderstood barcode. I mean, the basis of the POC barcode most often used there was designed for identifying a pack of chewing gum in 1973; new barcode technology (symbologies) have been invented since then that transform what the barcode could do in patient care settings (for example, very intensive symbologies are being used on blood packs). Some of these barcode symbologies coming in the future are amazing.