Regulating Data Centers in Boston
The Federal Register contains about 80,000 pages with the U.S. Code of Federal Regulations (so this is anything but a walk in the park). With the rise of cloud computing, more attention will be placed on regulating data centers in Boston and around the world.
But it’s not only the involvement of the government that colocation centers have to contend with, independent certification providers like the Uptime Institute are also tightening their certification process to ensure that customers are receiving the best possible service. However, it only applies to data centers in North America that sell commercial services.
Boston Colo Operators
Out of the 22 colocation operators in the metro area, the top five are:
- CoreSite Boston (BO1)
- Hosted Solutions Boston
- Internap Boston 50 Innerbelt Rd
- One Summer St.
- XO Boston
So how are Boston colocation operators addressing regulation, compliance, and storage issues? This is a continuously evolving solutions model and operators have started to focus more on compliance-oriented infrastructure. The level of compliance comes down to the type of data being stored at the data center and the type of customer.
Boston colocations operators will not only deal with local regulators but also state and federal. So it’s not an easy task to provide a detailed account as to how it works. Here’s a brief overview:
Colocation regulation applies to both digital and physical aspects of the colocation center. Physical security for financial data HIPAA compliance and OSHA regulations come into play here including EPA regulations for a backup power system. As the data is sensitive, so the regulations will focus on the personnel monitoring and access control.
The digital side of things is clear, but the introduction of the cloud has significantly complicated things. Experts believe that Boston colocation centers will mostly deal with local government rather than federal government which make things a little easier. For example, data centers in Silicon Valley and Manhattan follow this approach and are regulated differently.
Colocation Industry Standards
Colocation operators will need to identify and apply industry standards when handling financial transactions, so Payment Card Industry Data Security Standard (PCI DSS) which covers data storage and transaction of credit-card purchases will also be added to the list.
The Hybrid Cloud and PCI/DSS
Doing e-commerce on a cloud brings about new challenges as sensitive data is processed on the cloud.
Colocation centers in Massachusetts and others around the country are meeting these challenges by coming up with creative approaches like intelligently controlling the data via the cloud. They also tend to sign up with a separate payment processor in order to provide tokenization.
This is just a tiny tip of the regulatory iceberg. When other countries are involved, the data may warrant regulation by laws in that country. Further, as more businesses switch to cloud computing, new regulatory issues will also naturally arise. With more users switching to the cloud, there will be even more need to develop data segregation and optimized security.
How are colocation centers addressing regulatory issues in your city? Please share your thoughts in the Comment section below.
If you're in the data center, mission critical or cloud services industries, or you sell to the data center industry, don't miss our weekly update newsletter -- Data Center Sales & Marketing Institute (DCSMI) Update Newsletter. Get notified about new reports, events, podcasts, and blog posts.