As the information security risks are becoming more apparent to companies, many have started dedicating more time to fighting these. But no amount of money spent on firewalls, anti-virus, cloud security, etc can demonstrate this dedication to your customers.
And customers did start asking their critical service providers for information about their cybersecurity posture more often. If the results are not quite satisfying, the customer pulls out of the negotiation and you lose a lucrative sale. The bigger the customer – the higher the chance for them to have a strict vetting procedure for identifying reliable suppliers.
CYBERS regularly helps companies to work on both the security strategy and finding the right answers to such surveys. So, last week, we sat down with one of our own customers’ CEOs – Sergei Zavolner of Infonet DC to chat about the importance of cybersecurity, compliance and its place in the value offering.
CYBERS: Hi! Could you please talk a little bit about Infonet DC and your data centre?
Sergei: Infonet has a long telecom history but the DC project is relatively young. We have started planning about 8 years ago with a vision of creating a new generation of the data centre for Estonia. Our location is on one hand – almost outside of Tallinn, on the other – you can get to the airport in about 15-20 minutes. There are working areas, storage rooms and everything you would expect, as well as plenty of local and international carriers to take connectivity from. From the start we took Tier-III datacentre standards as our baseline and, I think, we have successfully delivered.
CYBERS: Tier-III is a very high bar, compared to many of the older generation DCs we have in Estonia and Baltics. Why was it so important for you?
Sergei: Our vision was to become a place where international companies, software developers, financial institutions and the like could safely deploy regional server hubs or disaster recovery sites. And objectively, the only thing which can give them a peace of mind is a show of our dedication to compliance. With Tier-III standards in place, we have successfully implemented measures for becoming PCI-DSS certified and now, with your help, are tuning things further to be eligible for ISO27001.
CYBERS: Why did you start with PCI-DSS? In our practice, many companies start with ISO27001…
Sergei: It was a pragmatic choice really. We work with several customers who had the requirement for us to be PCI-DSS certified to match their respective needs. Also, since we take security very seriously, it felt like we already had a pretty good grasp on threats and risks.
Note: PCI/DSS is Payment Card Industry Data Security Standard developed by major credit card companies which dictates security measures for organizations processing a large amount of payment card information and operating in the US.
CYBERS: Now that we have done the additional training on security and ISO27001 and your team is working hard on the new bit for your compliance portfolio, do you feel a larger difference between the two standards?
Sergei: Yes, definitely. I’m not sure how to put it, exactly, but PCI/DSS seemed more focused on particular security measures and, at least in our case, almost minimalistic. While ISO27001, even though we have a pretty good idea for the scope, is much broader. We also decided to take a longer path, examining all potential risks and threats more thoroughly. Also, for PCI/DSS we were mostly self-reliant and as we opted to get help from you for ISO27001 the process seems much clearer.
CYBERS: I know that you are known in the market for highly personalized service and onboarding but what would you call your trademark feature?
Sergei: Well, we had a close look at the values, which our customers expect, and I think that we got good at backup solutions. We have a custom-built tool, which can help our customers set up a disaster recovery environment with us a very reasonable price. It’s quick, easy and we support the customer throughout the project.
CYBERS: This is a line in our every other blog “Get a proper backup”. Any parting words?
Sergei: Well, we are open for business and can accommodate any number of racks and exclusivity in our existing or upcoming modules. Also, if you haven’t seen a modern DC and consider moving away from an older one – contact us for a tour of our facilities.
CYBERS: Well, it’s great to see that we have more data centres in Tallinn focused on actual security rather than just cutting corners. If you need help figuring out how to arrange edge security for data centres or setting up a Security Operations Centre in Northern Europe – let us know!