There can be no doubt that IT is on the leading edge of digital transformation, driving organizational change that is fully bringing enterprises into the digital era. And there’s no shortage of think pieces and editorials on how this has shifted the role of IT.

But in the discussion, what’s often missing is the perspective of the IT professionals on the front lines, the ones doing the work day in and day out, often spending significant time even after hours to keep the business on track.

What do they think about the IT function, and how would they describe their role in the business?

Here’s what we learned in a survey of 500 IT professionals.

IT Holds the Enterprise Together

“We are the thread that keeps the company running and secure and together.”

“We are the glue that keeps this company together.”

IT is a function that touches every other. Even as its responsibilities have expanded far beyond merely maintaining technology systems, IT’s integration into every part of the enterprise weaves them into the day-to-day of the entire business.

IT Is the Center of the Enterprise

“Our department is the core of our organization.”

“The IT department is the backbone of our organization.”

The nuance here is not just that IT pros believe their work is integral to the other functions: They see it as intimately supporting everything that goes on in the business. In other words, they’re saying that without IT’s constant support, the business couldn’t function at all—an idea perhaps supported by just how much of IT pros’ days is taken up by routine maintenance.

IT Drives the Enterprise

“IT is the brain of the company.”

As the keepers of the tech, the IT function is at the nexus of any modern enterprise’s operations. Businesses are faced with the growing need to quickly adopt and leverage new technology for digital transformation, and IT is in the perfect position to have a central role in these initiatives.

IT Powers the Enterprise

“We are the engine that makes this company work.”

In our survey report, The State of IT Infrastructure Management, we found that 86 percent of IT pros would say that IT is driving their organization’s digital transformation efforts. And certainly, their oversight of the organization’s key technology powers the organization on a day-to-day basis, but their unique ability to drive innovation through technology is what sets the function apart.

IT Is Attached to the Heart of the Enterprise

“We are not only dedicated but attached to the heart of the company making sure every element is covered, fixed, updated and integrated.”

Again, IT sees itself at the center of the organization, a function whose daily operations power the entire organization from top to bottom. And like a heart, IT’s impact on the rest of the organization is far greater than its size would suggest.

IT Is Talking About Transformation—Everyone Should Be Listening

In our survey, we asked IT professionals about the one thing they’d like their CEO to know about their department or team. The range of answers we got highlighted many lessons for anyone interested in the future of IT—and certainly not just CEOs.

But from those responses, we also got a snapshot of a function in flux.

As IT is called upon to do more with less and expectations—both internal and external—change, IT professionals are hungry to be recognized for their unique contributions to the enterprise, and not just as an operational cost center. The colorful metaphors they used to describe their jobs illustrate the passion and enthusiasm with which they approach their work, even with the stress of limited resources and packed to-do lists.

For those in IT, does this resonate with you? And for those of you outside IT, does this change how you think? Weigh in on social media to continue the conversation.

Question: 86% of IT pros say their department is leading their organization’s digital transformation efforts. At your organization, is that the case?

— INAP (@PoweredbyINAP on Twitter)

A friend of mine lives on a high prairie ranch surrounded with highly flammable Gambel oak.

Besides trimming the brush to create a defensive perimeter around his house, he has a bag prepared with important, difficult-to-reproduce documents, such as birth certificates and passports. In the event of a wildfire, his plan is to grab the bag, cell phone, backup drive for the computer and evacuate in his car. He’s willing to let everything else be “toast,” becoming part of his claim to the insurance company.

It’s impossible to clear all valuable items from his home, so he has selectively planned to save what is the most important. Whether we’re talking about your personal belongings or your enterprise’s most valuable assets, having a plan like this is the first critical step toward an effective disaster recovery posture.

Disaster Recovery Planning: Determining What’s Essential

A big part of business continuity and disaster recovery planning is just deciding what to recover. Certainly, it’s “simpler” to just plan to recover all operations for all applications, regardless of any individual application’s level of importance to business continuity. But providing resources—financial or otherwise—to recover everything is not feasible for every organization, nor is it necessarily a wise use of limited time, money and staff.

Some compliance standards may dictate what must be protected and may be audited to prove that data is protected. This can make it easy to determine what to protect, since in many ways, compliance regulations already decide for you.

Most businesses, however, just need to restore operations in order to remain viable after a disaster. In this way, what’s saved is usually just a raw factor of what makes the company money. Let’s walk through a couple of hypothetical examples.

Business Continuity Case No. 1

A COO originally placed priority on preserving his organization’s accounting systems; he wanted to ensure that his business was still able to bill for services even after a disaster.

However, he rethought his strategy to focus on revenue-generating systems: He opted to replicate operational systems that supported customers—the systems that actually contributed to his company’s bottom line. Accounting systems were still next up on the list of priorities, but the COO opted to use cloud backups, with a plan to rebuild systems within a month of disaster—quick enough to make the next invoicing period.

In other words, he prioritized making money with the next priority awarded to billing systems, while still protecting the critical data in those systems.

Business Continuity Case No. 2

An organization’s human resource records were preserved in offsite cloud backups, but it didn’t have a concrete plan for restoring them after a disaster event. At the time, HR systems were still run on local servers. (But most HR support systems have gone to hosted applications now, so this was less of an issue.)

A disaster-recovery-as-a-solution (DRaaS) service would quickly solve the issues, regardless, providing straightforward redundancy for critical systems.

Related to HR were the servers that fed training content to employees, which were relegated to the “toast” category. This doesn’t mean you lose them forever though: Using a service like cloud backups will preserve the training data until a plan can be formulated to restore the servers.

But the important part of the decision-making process is determining what needs to be online right away and what can be restored at a later time. I always ask prospective customers about their priorities.

As a third party, it’s useful to try to understand the decision-making process and whether there might be biases or gaps. But there should always be internal stakeholders asking the same questions—before disaster strikes.

Recovery operations can be chaotic enough without having to triage applications’ importance on the fly. Having a prioritized list of applications ready to go is invaluable.

How Should I Use Risk Impact Analysis to Make the Most of Limited Resources?

Beyond the monetary expense of determining what to save is the effort and manpower expense. As poet Robert Burns wrote in 1786, the “best laid plans of mice and men often go astray.”

Still, it’s best to plan out as much as possible and triage applications ahead of a disaster. This way, your IT staff already know where to spend effort and what to put on the back burner when disaster strikes.

A risk impact analysis helps you think through the probability of disaster and how much any given event would impact your business, allowing you to find a balance between your tolerance for risk with what is actually likely to happen.

For example, a server being corrupted during patch operations is high-probability but might only have a medium impact on customers, unless it’s an extended outage. On the other hand, the probability of a long-duration regional power outage affecting the entire eastern interconnection grid is far less likely but would have an enormous impact.

Risk impact analyses usually include:

• potential threats
• probability of threat occurring
• human impact
• property impact
• business impact

The spreadsheet used for a risk assessment can be made more elaborate by adding up the impact scores (1-3) and then multiplying by probability (1-3) to produce an overall score (here, the max score is 27). See below for an example of a fictitious firm located in St. Louis, Missouri:

In the above example, a key server failure is something nearly guaranteed to happen and would have an absolute impact to the business. A hurricane striking St Louis is highly unlikely and garners a low overall score.

However, because St. Louis is near the New Madrid Fault, it’s at risk of a catastrophic earthquake affecting personnel, property and the business and thus scores very high.

To show how much this can vary from location to location, the following is based on another fictitious firm in Cheyenne, Wyoming:

The key server failure keeps the same score, and Cheyenne is probably as unlikely as St. Louis to experience a hurricane. However, Cheyenne has a less than 5 percent chance of experiencing any seismic activity[1] and therefore has a very low probability of an earthquake. This business may thus want to prioritize not only mitigating server failures but also planning for fire within the manufacturing space.

How to Build Your Business Continuity and Disaster Recovery Plan: Exercises and Templates

I’m a big fan of checklists because I think they’re easier to follow than wordy, step-by-step instructions. (I also buy Atul Gawande’s The Checklist Manifesto for all of my direct reports.) And my friend agrees: If a wildfire is threatening his ranch, he can go down his list quickly and get out.

Similarly, creating a simple five to 10-page plan that is fast, readable, testable and executable will be far more useful than a complex or highly detailed plan that is hard to follow. And once it’s been written, it should be tested, whether formally or informally—but certainly before it’s needed.

You can get started by downloading our Business Impact Analysis Template:

I also recommend defining a communications plan. This might include:

• A phone tree of key business leaders
• A preplanned location to meet at time of disaster (e.g., at another business, a hotel conference room, the CEO’s house, etc.)
• Audio and/or web bridge information for internal discussions
• An external plan for how to communicate to customers (e.g., using a Twitter feed, a status website with up-to-the-minute information, etc.)

The value of a thoughtful business continuity and disaster recovery plan cannot be overstated. Just like you can’t clear the house of all your belongings in the middle of a wildfire, it’s just as important to determine which systems and resources must be saved when catastrophe strikes.

[1] James C. Case, Rachel N. Toner, and Robert Kirkwood Wyoming State Geological Survey, Basic Seismological Characterization for Laramie County, Wyoming, September 2002

What’s the difference between retail colocation data centers and wholesale data centers? What makes colocation either retail or wholesale? Before we answer these questions let’s address colocation first.

What is Colocation?

First, let’s address, “What is colocation?” Colocation involves the housing of multiple servers privately owned and networking equipment in an off-premise, third-party data center. These data center facilities can be sub-leased by various tenants for their IT infrastructure needs. There may be virtual or physical servers in these data centers, network routers and switches, storage devices, and other types of IT equipment or hardware.

What is Wholesale Colocation?

Traditionally, wholesale data centers were facilities where businesses with large footprint requirements rented space and power, bringing everything else with them: IT staff, hardware, IP carriers, cloud connectivity—the works.

What is Retail Colocation?

On the other hand, retail data centers provided some or all of those services for what are generally smaller deployments.

Today, there are many “retail” colocation providers that can accommodate very large footprints while also providing managed services, on-site staff, and carrier and cloud connectivity. In other words, the line between retail and wholesale is much blurrier.

What Are the Benefits of Retail Colocation?

This new status quo is perfect for customers that require large footprints but also want and need the additional services of traditional retail colocation. Let’s dive a little deeper into what the landscape looks like now.

Data Center Power, Space and Pricing

The amount of power required has been the main factor that determines whether any given deployment is a good fit for a retail or wholesale environment. Some data center providers may consider deployments over 100 kW wholesale. Others might set the cutoff at 500 kW or even as high as 1 MW.

And of course, how much power your deployment requires is closely related to how much it will cost, with larger footprints naturally getting more competitive base rent rates. This also means that in general, customers pay a higher rate for smaller footprints.

When it comes to large footprints, it’s not just about power, however. Space is limited in any data center, and for deployments with large power footprints, that has traditionally also meant a large physical footprint.

But with advancements in power density capabilities, the amount of space required has decreased. For example, 1 MW may have required 10,000 square feet of space but can now fit into, say, 3,500 square feet. This is one reason that many retail data centers are now able to accommodate wholesale-sized infrastructure deployments.

Data Center and IT Services and Staff

With any data center provider, you’ll be able to benefit from the physical security measures of the data center, whether robust surveillance, biometric scans or the like. But apart from that, with traditional wholesale data center solutions, all businesses got was the “dirt”: They essentially just rented the space and power capacity and had to handle the rest.

Conversely, retail data centers weren’t necessarily equipped with the power or space to handle those larger footprints but offered additional services to their customers: managed services, remote hands, 24-hour IT staff, wide IP and cloud connectivity.

So for businesses with larger deployments, bringing those additional capabilities to wholesale data centers could be burdensome. Today, with the right data center or colo provider, you don’t have to choose one or the other.

Colo, Cloud and Network Connectivity

One of the biggest service differences between traditional retail colocation and wholesale data center providers is connectivity, whether cloud or IP. As previously mentioned, traditional wholesale customers had to bring their own carriers and direct connections to their cloud platforms.

By working with an IT infrastructure provider that offers both network connectivity and IP services—in addition to your power and secure cabinet or suite—you can simplify your infrastructure solution and reduce the number of vendor relationships you have to manage. This also allows you to leverage the blend of carriers your data center is connected to for applications that require low latency.

Yet while robust connectivity solutions and a wide mix of carriers are enough for many businesses in the market for retail data center space, sometimes customers need more.

Gaming company Blade requires ultralow latency for its cloud-hosted gaming PCs, which is why they are taking advantage of Performance IP, our automated route optimization engine.

Do You Need a Service Partner or a Landlord?

Traditionally, the wholesale data center solutions market was suited to businesses looking for a landlord: If you knew exactly how much power you needed and where you needed it, you could get the space, power and autonomy needed for your IT infrastructure—and at a good rate. If you wanted the full spectrum of services retail data centers provided, however, you were out of luck.

But in today’s market, it’s not all-or-nothing. For businesses looking for a true service partner, not just a landlord, a data center provider like HorizonIQ can be invaluable.

We have state-of-the-art facilities in 21 metro areas, including flagship data centers in Tier 1 markets like New York, Boston and Los Angeles, in addition to wholesale capabilities in strategic locations like Phoenix, Dallas, Atlanta and Seattle data centers. As a colo, cloud and network IT provider, our unique breadth of services and capabilities differentiates us from many competitors in the space by enabling us to provide fully comprehensive, high-performance IT solutions.

We can help you scale and plan for growth, while providing you all the connectivity and additional services you need. It’s not retail versus wholesale anymore; it’s about what your applications, customers and business demand.

How much is a stolen credit card worth? What about a passport?

People on the dark web pay anywhere from $5 to $110 for a card and $1000 to $2000 for a U.S. passport—perhaps more modest than most people might guess.

But what does a stolen credit card database cost a company? With the recent breach of a major hotel chain, which affected 383 million people, the number may total in the billions across multiple class action lawsuits and lost stock value—let alone the intangible hit that the brand’s reputation will take.

Needless to say, in the era of daily reported (and more unreported) breaches, it’s important for every organization to take a close look at their security posture to ensure that they are doing everything they can to protect the personal information entrusted to them by customers and employees alike, in addition to intellectual property and financial records.

But where should organizations start? Maintaining the strictest standards and best practices for compliance must be the foundation for any effective strategy.

How Do You Prepare for the Inevitable Data Security Breach?

This is probably not the first time you’ll hear this—and it definitely won’t be the last—but it bears repeating: At some point, every organization will experience a breach on some level, and it’s best for security professionals to approach it as an inevitability and then plan accordingly.

Here are some helpful tips:

Segregate important data from unprivileged users and data.
Keep your crown jewels separate; after all, you don’t store all of your belongings in a safe—only the important ones. Doing so also helps focus the scope of your compliance.

Have a detailed incident response plan.
Understand how to deal with a compromised system: For starters, determine the scope and scale of the compromise, whether or not to take the system offline immediately (always a safe step), and whose help you are going to enlist to mitigate the compromise.

Maintain good backups.
Often, the only way to be sure that you have removed the vulnerability is to roll back to a time before the compromise occurred.

Log everything.
Firewalls, file integrity monitoring, web application firewalls, system logs, antivirus, etc. Using a centralized Security Event and Incident Management (SEIM) tool can also allow you to piece together and audit how you were compromised and what happened after a security event has occurred.

Encrypt wherever possible.
This will limit any hacker’s ability to read critical info.

Use two-factor authentication.
This limits the danger of phishing.

Stay up to date on security and software patches.
It typically takes time to weaponize software vulnerabilities, so stay ahead of them by keeping up to date.

Security is always an ongoing effort.
It should not and cannot be a “set it and forget it” task on your check list.

What Are Compliance Frameworks, and Why Do They Matter?

Most compliance frameworks—such as PCI (to protect credit card data), HIPAA (to protect health care information) and ISO27001 (a general standard popular in the EU)—include “have-to-have” security technologies, policies and procedures. For example, being PCI-compliant and being able to prove it via an Attestation of Compliance (AoC) is necessary to do business with customers with PCI requirements.

Meeting the requirements of compliance frameworks is a good start to any security program but should not be considered the gold standard or sufficient alone. Frameworks are only updated on a yearly basis, and they’re typically built for a lowest-common-denominator security program. Technologies and practices should be evaluated and updated often, especially for high-value targets.

For organizations without robust compliance teams or experience, service partners and MSPs can support compliance initiatives, providing their time and expertise, while also demonstrating a commitment to protecting valuable customer data beyond the standard compliance frameworks.

What’s a Compliance Audit, and What’s the Most Effective Way to Pass?

Audits involve a third-party security firm (often licensed for the particular audit they are performing) that is brought in to evaluate how the company’s security program is applied to ensure it is in line with the relevant compliance or security framework. An audit is often a requirement for any company that handles sensitive information, as well as for any contractors, third parties or MSPs that are involved in the handling of the sensitive data.

For any company, the desired outcome is a clean bill of health, but often, infractions or vulnerabilities are found and then reported as findings. Regardless of the outcome, an audit can be a stressful time for any company, especially since not all companies have the in-house security teams required to accomplish an entire audit front to back.

This is where having an MSP to partner with makes sense. The MSP is able to handle the portions of the audit they are responsible for, which reduces the load on both the company as well as the auditor, saving money and valuable time.

Working with a managed service or cloud provider that doesn’t ensure the strictest standards of compliance requires that those providers be pulled into the company’s audit, which may cost extra time and money to both the service provider and the auditor. It also can be a pain to schedule and manage across multiple parties, and this can cause delays in the audit, which may result in gaps in compliance.

If your MSP or cloud provider has already independently audited their infrastructure, it does not need to be audited again by the customer’s auditor. Instead, the auditor can use the AoC provided by the MSP or cloud provider to cover that portion of the audit.

For customers with requirements like PCI, a non-clean audit may have a large impact on a line of business’s operations and the entire business, depending on the significance and size of the vertical.  This can include fines, lawsuits and additional culpability in case of a breach or even credit card companies refusing to do business with the company.

How Can a Managed Service Provider Help With Compliance?

Managed service or cloud providers can do the heavy lifting of compliance-related work so you don’t have to. Here at INAP, we maintain a robust, PCI-compliant management platform for dedicated hosting. For customers that require it, we can provide an AoC that speaks to the compliance we maintain for critical pieces of our customers’ infrastructure.

Our technical and solutions engineering teams can also help you design and build a secure environment from start to finish, advising you on new technologies and advanced security procedures to protect your critical information and that your company has a best-of-breed security stance. By leveraging our security and management tools, we can be an “easy button” for your security needs.

The year is 2010. Cloud adoption is growing by leaps and bounds. Soon, everything will be in the cloud, and why wouldn’t it be?

But here in 2019, we know now that the narrative has shifted a bit.

Our recent survey, The State of IT Infrastructure Management, only proves that the story is a little more complex than 100 percent cloud: Among organizations moving some of their on-prem infrastructure off-prem within the next three years, nearly four in 10 plan to move to a colocation environment.

It’s true that both public and private cloud also stand to gain much from the majority of enterprises (56 percent) shifting their environments off-prem in the near future. But even in the age of the cloud, the fact is that many organizations are making colo an integral part of their IT infrastructure strategies.

In this blog post, I’ll unpack what’s behind the shift off-prem and how colocating in a modern data center is a smart, effective way to meet the needs of enterprise IT organizations in 2019.

What’s Behind the Move Off-Prem?

It’s important to first understand why organizations are making the decision to move away from their on-prem data centers in the first place.

According to our survey, here are the top five reasons:

1. Improve infrastructure or data center resiliency or availability (e.g., disaster recovery, high uptime)
2. Improve infrastructure or data center security
3. Improve network performance
4. Improve infrastructure and application scalability
5. Expected cost savings of not operating on-premise data centers

Quite the list! Let’s go through them one-by-one.

The Need for Greater Data Center Resiliency and Availability

With N+1 redundancy and SLA-backed uptime guarantees, Tier 3-design data centers are a clear step up from on-premise data centers. To achieve the same level of power and cooling redundancy on-prem would require significant investment of both time and budget, not to mention maintaining the facilities. But there’s one other issue with on-prem infrastructure: It’s as vulnerable as your office is. For this reason, colo data centers are often located in geographic locations that are not prone to natural disasters. (Think Phoenix, Arizona, for example.) Colo has the additional benefit of being perfect for a second site, as well, whether for backups or disaster recovery.

The Need for Greater Data Center Security

As we covered in a recent blog, security is and will continue to be top-of-mind for IT professionals. With an ever-evolving threat and compliance landscape, many enterprises find it difficult to keep up.

Consider the immediate physical security benefits of hosting or colocating in a state-of-the-art data center, including round-the-clock personnel and multiple layers of access checkpoints before anyone gets close to a cage. By moving their workloads into colocation, organizations can completely offload many of the physical and perimeter security concerns of protecting their data to a trusted service provider, responsibilities that would otherwise fall on in-house teams.

And if you need physical access to your hardware, colocation is the only option you have aside from being in your own data center. If you have unique maintenance or data governance requirements, colocation gives you a level of autonomy that doesn’t exist in multitenant environments, whether public cloud or anything else.

The Need for Better Network Performance

Colocation allows you to take advantage of the mix of carriers that your colo service partner provides, not to mention the enhanced connectivity that plugging into their network backbone enables. Fiber rings create multiple points of egress, preventing any single point of failure for service uptime. But for applications that require ultralow latency, interconnectivity and bandwidth aren’t enough alone. That’s why we’re proud of Performance IP^®, our patented route optimization engine, which automatically puts your outbound traffic on the best-performing path. Watch the video below to learn more about how it works.

The Need for Data Center Scalability

While the cloud—particularly public cloud—is known for its ability to quickly and efficiently scale to meet application requirements, colo providers can also help any organization account for resource needs and plan for growth accordingly. Furthermore, high-density colo environments fit large deployments into smaller footprints. But high power density must be designed for and specially accommodated with fine-tuned power and cooling systems, making high density challenging to achieve for any on-prem data center.

Deployments that require custom hardware are another great use case for colocation. Take gaming as an example: Some of the most innovative companies in the space are leveraging cutting-edge hardware not often available with cloud and managed hosting providers.

To solve this, companies like cloud gaming service Blade (an INAP customer) seek large footprints of colocation space they can power their customers’ hardware with, paying special attention to how they expect to grow. They are able to use the hardware that best suits their business while leveraging our data center and low latency network to do the rest.

Expected Cost Savings of Moving Off-Prem

Many IT leaders I speak with often say they are only utilizing a fraction of their legacy data center space. This means they have unnecessary overhead they could be allocating to more productive uses. Colocating with a multitenant data center provider takes advantage of economies of scale. Enterprises can lease space and power that is rightsized for today and then add as they see growth, receiving guidance and expertise from their colo provider along the way.

Furthermore, some data center providers allow for service portability if needs change: moving from colocation to private cloud, for example. This provides a level of cost risk mitigation should changes in strategy take place.

But the greater ROI on dollars invested in colocating—when compared to maintaining and operating an on-prem data center—is clear when you consider the sheer number of tasks and routine work that you can offload to your colo service provider. In our survey, we found that these are the kinds of tasks taking up valuable time that could be spent on innovation.

The math is simple: Dollars spent on colocation return more compared to on-prem infrastructure, even if your costs stay flat.

Colocation in a Multicloud/Hybrid IT World: It’s Not Either/Or—It’s Both/And

I hope by now it’s clear how modern, state-of-the-art data centers perfectly match the main reasons IT infrastructure is moving off-prem. But this isn’t the story of how colo is better than cloud or anything of the sort. (Though if you find yourself wondering about that, we have a great blog post covering that exact topic.)

As “outsourced” (aka, not on-prem) IT becomes the best way for IT departments and organizations to meet the demands of digital transformation, they would be remiss to not consider the ways in which colo is a strong, logical option, even in the age of the cloud. Resiliency, availability, security, network performance, scalability, cost: Colo can deliver in all of these areas, especially with the help of a trusted service provider to lend you their resources and expertise.