Keeping your business’ and your customers’ data safe
Security is one of the most frequently discussed topics in the data center and IT services world. When selecting a services provider, there’s no such thing as too much emphasis on security. Make sure that the service provider you choose places a strong focus on security, as in the end, it’s your customers’ data that you’re placing in the hands of that provider.
RampRate can help to bring clarity to the security services marketplace to find the best fit for your specific business needs.
Here are a few certifications to look for with your data center and cloud services provider:
ISO / IEC 27001:2005 and 27001:2013 Information Security Management System Standard
ISO is the world’s largest developer and publisher of international standards. ISO certification means that providers can offer products and services which meet and exceed the specifications of their customers by implementing the quality, safety, security, environmental and energy management standards with the widest possible acceptance in the data center sector.
This is the most widely accepted certification available for supporting information, physical security, and business continuity. ISO 27001 ensures that:
– risks and threats to the business are assessed and managed
– physical security processes such as restricted/named access are enforced consistently
– audits are conducted regularly at each site that include tests of security and CCTV planning and monitoring
PCI-DSS Payment Card Industry Data Security Standard
The PCI Data Security Standard (PCI DSS) ensures the safe handling of sensitive information and is intended to help organizations proactively protect customer account data. For providers that don’t monitor or have access to customer data, applicability is restricted to physical security access to customer equipment through a combination of management systems and physical access safeguards and procedures.
HIPAA – The Health Insurance Portability and Accountability Act
Mandated by the U.S. Health and Human Services Dept., the Health Insurance Portability and Accountability Act of 1996 specifies laws to secure protected health information (PHI), or patient health data (medical records). When it comes to data centers, a hosting provider needs to meet HIPAA compliance in order to ensure sensitive patient information is protected.
A HIPAA audit conducted by an independent auditor against the OCR HIPAA Audit Protocol can provide a documented report to prove a data center operator has the proper policies and procedures in place to provide HIPAA hosting solutions.
No other audit or report can provide evidence of full HIPAA compliance.
FedRAMP – The Federal Risk and Authorization Management Program
FedRAMP provides a cost-effective, risk-based approach for the adoption and use of cloud services by making available to Executive departments and agencies:
• Standardized security requirements for the authorization and ongoing cybersecurity of cloud services for selected information system impact levels;
• A conformity assessment program capable of producing consistent independent, third-party assessments of security controls implemented by Cloud Service Providers (CSPs);
• Authorization packages of cloud services reviewed by a Joint Authorization Board (JAB) consisting of security experts from the DHS, DOD, and GSA;
• Standardized contract language to help Executive departments and agencies integrate FedRAMP requirements and best practices into acquisition; and
• A repository of authorization packages for cloud services that can be leveraged government-wide.
FedRAMP supports the U.S. government’s mandate that all U.S. federal information systems comply with the Federal Information Security Management Act of 2002 (FISMA).
The Federal Information Security Management Act (FISMA)
The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA: