A private cloud infrastructure is an IT environment where the physical equipment is hosted remotely (“in the cloud”), but the organization is responsible for the management of the IT environment, security, and infrastructure. In contrast, a public cloud is a managed service where a trusted service provider manages the environment. Hybrid solutions also exist where an organization manages specific elements and a service provider manages others.
Medium and large organizations typically use private cloud environments. Private clouds are ideal for organizations with geographically diverse elements and sufficient IT use to justify full-time IT staff positions.
All networks, even cloud-based systems, require physical components to support the underlying IT environment. A Datacenter is a physical location that houses the actual physical components (servers, routers, switches, security devices, and large data repositories) of an IT environment. Because a data center is designed for IT equipment, it is typically a custom-built environment designed to be equipment friendly. Datacenters typically have extensive heating, ventilation, and cooling (HVAC) systems to manage all the heat generated by the equipment. There is usually humidity control (dry is better for systems). They also usually have raised flooring to permit the easy running of cabling to connect devices, fire suppression, and naturally a large supply of electrical power. Backup batteries and generators supplement the power supply.
Physical security is a major feature of a Datacenter. Most Datacenters have multiple layers of physical access security to ensure only properly authorized persons are able to gain access to the secure area. For Datacenters that are used to store sensitive information, such as classified information, or personal medical records, there are physical security standards that a Datacenter must meet to comply with government and industry requirements.
ETTE runs its private cloud infrastructure at a secure facility located in Washington, DC. The facility complies with the physical and data requirements of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a US government law designed to protect personal health records while granting appropriate access to authorized medical professionals and insurance providers. The center also complies with the Health Information Technology for Economic and Clinical Health (HITECH) Act, designed to store medical records electronically.
ETTE’s datacenter is also Sensitive Compartmented Information Facility (SCIF)-ready. This readiness means that locations in the Datacenter meet stringent physical, visual, acoustic, electronic and other security requirements to permit the SCIF to store, process or discuss sensitive information (like US government classified information). SCIF-ready means most of the required infrastructure to create a SCIF is in place. For example, there are stringent requirements for SCIF ductwork to be constructed to prevent physical access by a person. Also, a SCIF requires adequate acoustic insulation to prevent conversational sounds from escaping. As it cannot be easily modified, compliant ductwork is already present in the Datacenter. Your organization may require a SCIF if you are a US government contractor whose contract occasionally requires the handling of classified and otherwise sensitive government data.
Some of the other key elements of our datacenter are:
The ETTE datacenter features 91,000 square feet of raised floor area for IT systems. The 30-inch raised floor height allows easy cabling access, and the space breaks down into 3 main computer rooms. The Datacenter has 17,000 square feet of staging office space and an additional 20,000 square feet of adjacent office space. The facility also features a flex work area containing 12 internal workstations, disaster recovery/business continuity offices, two conference rooms, a kitchen, and shower facilities.
Our power capacity is 9.5 megawatts via two (2) diversely routed power feeds, backed up by 9 x 2.4 megawatt generators and five (5) 1.8 MW Piller rotary uninterruptible power systems. 300 kVA dual-ended static switch power distribution units fed from four Piller rotary UPS systems distribute our power. The facility also features four 25,000-gallon underground fuel storage tanks, which can fuel 37 hours of generator operation at the full 9.5 megawatts.
Fire detection is an addressable system with detectors under the floor and in the computer spaces. Our fire system is a dual preaction dry pipe fire sprinkler system.
Five 650-ton York centrifugal unit chillers comprise our primary and secondary chilled water system. The chillers employ variable frequency drives distributed by 30-ton nominal CRAH air distribution units. Other features include underfloor supply and ceiling return, constant air supply control, and a central humidification system with dew point control. The water condenser stores 210,000 gallons for 72 hours of conditioning at full load, fed by an external water hookup and backed up by three on-site wells.
ETTE’s Datacenter complies with 21 CFR (Code of Federal Regulations) Part 11, 210, 211 & 820, Annex 11, cGMPs (current Good Manufacturing Practice, an FDA regulation) and both HIPAA and HITECH. To achieve compliance with all these regulations, the Datacenter must:
Compliance requires physical and electronic security controls to adequately secure data hosted at a Datacenter, even for private clients. The security controls must permit physical access only by appropriately authenticated authorized persons. For datacenters that serve multiple clients, the clients must be sufficiently compartmentalized that if one client were to be compromised, the other systems would remain secure.
Compliance demands recording and logging access to both the physical and electronic elements of the datacenter. The requirement provides forensic information in the event a breach actually occurs.
The procedures for the data center should be written and consistent with data and physical security requirements, and system monitoring (for example, environmental control monitoring). Compliance demands training of all staff on all written policies. Moreover, completing that training and subsequent refreshers should all be documented. For the sake of transparency, these policies and procedures should be available on request. ETTE’s quality system is comprised of 70+ compliance policies, standard operating procedures, and forms, fully tracing to every requirement of the rule.
The final step in compliance is a regular audit by an independent third party. The Electronic Healthcare Network Accreditation Commission (EHNAC), an independent, non-profit organization, accredits ETTE’s datacenter. Using meaningful standard criteria, EHNAC assesses and accredits organizations that electronically exchange healthcare data. ETTE considers our datacenter to be “audit ready”, or ready for a client or responsible third party to review us at any time with or without advance notice.
Note that with a hosted solution, such as a private cloud infrastructure, some of the compliance requirements for electronic security may be a shared burden between the Datacenter and the client organization.