InfonetDC: Quality and compliance strategy for colocation

CYBERS 26.02.2021

As the information security risks are becoming more apparent to companies, many have started dedicating more time to fighting these. But no amount of money spent on firewalls, anti-virus, cloud security, etc can demonstrate this dedication to your customers.

And customers did start asking their critical service providers for information about their cybersecurity posture more often. If the results are not quite satisfying, the customer pulls out of the negotiation and you lose a lucrative sale. The bigger the customer – the higher the chance for them to have a strict vetting procedure for identifying reliable suppliers.

CYBERS regularly helps companies to work on both the security strategy and finding the right answers to such surveys. So, last week, we sat down with one of our own customers’ CEOs – Sergei Zavolner of Infonet DC to chat about the importance of cybersecurity, compliance and its place in the value offering.

CYBERS:  Hi! Could you please talk a little bit about Infonet DC and your data centre?

Sergei: Infonet has a long telecom history but the DC project is relatively young. We have started planning about 8 years ago with a vision of creating a new generation of the data centre for Estonia. Our location is on one hand – almost outside of Tallinn, on the other – you can get to the airport in about 15-20 minutes. There are working areas, storage rooms and everything you would expect, as well as plenty of local and international carriers to take connectivity from. From the start we took Tier-III datacentre standards as our baseline and, I think, we have successfully delivered.

CYBERS: Tier-III is a very high bar, compared to many of the older generation DCs we have in Estonia and Baltics. Why was it so important for you?

Sergei: Our vision was to become a place where international companies, software developers, financial institutions and the like could safely deploy regional server hubs or disaster recovery sites. And objectively, the only thing which can give them a peace of mind is a show of our dedication to compliance. With Tier-III standards in place, we have successfully implemented measures for becoming PCI-DSS certified and now, with your help, are tuning things further to be eligible for ISO27001.

CYBERS: Why did you start with PCI-DSS? In our practice, many companies start with ISO27001…

Sergei: It was a pragmatic choice really. We work with several customers who had the requirement for us to be PCI-DSS certified to match their respective needs. Also, since we take security very seriously, it felt like we already had a pretty good grasp on threats and risks.

Note: PCI/DSS is Payment Card Industry Data Security Standard developed by major credit card companies which dictates security measures for organizations processing a large amount of payment card information and operating in the US.

CYBERS: Now that we have done the additional training on security and ISO27001 and your team is working hard on the new bit for your compliance portfolio, do you feel a larger difference between the two standards?

Sergei: Yes, definitely. I’m not sure how to put it, exactly, but PCI/DSS seemed more focused on particular security measures and, at least in our case, almost minimalistic. While ISO27001, even though we have a pretty good idea for the scope, is much broader. We also decided to take a longer path, examining all potential risks and threats more thoroughly. Also, for PCI/DSS we were mostly self-reliant and as we opted to get help from you for ISO27001 the process seems much clearer.

CYBERS: I know that you are known in the market for highly personalized service and onboarding but what would you call your trademark feature?

Sergei: Well, we had a close look at the values, which our customers expect, and I think that we got good at backup solutions. We have a custom-built tool, which can help our customers set up a disaster recovery environment with us a very reasonable price. It’s quick, easy and we support the customer throughout the project.

CYBERS: This is a line in our every other blog “Get a proper backup”. Any parting words?

Sergei: Well, we are open for business and can accommodate any number of racks and exclusivity in our existing or upcoming modules. Also, if you haven’t seen a modern DC and consider moving away from an older one – contact us for a tour of our facilities.

CYBERS: Well, it’s great to see that we have more data centres in Tallinn focused on actual security rather than just cutting corners. If you need help figuring out how to arrange edge security for data centres or setting up a Security Operations Centre in Northern Europe – let us know!

Latest blog posts

03.03.2022

Cybersecurity as part of defense measures against modern war fighting capabilities

CYBERS in cooperation with Recorded Future will share insights on the ongoing cyber crisis which started several months before the military invasion. This article provides an overview of the current situation, as well as the recommended emergency actions that should be taken by organizations to withstand this cyber conflict.

Keep reading
20.01.2022

Testing and identifying the value of your next cybersecurity solution

The security world is changing rapidly and we are slowly reaching another huge milestone. Not a very happy one though: manual security operations are no longer sufficient. This is a little bit painful to admit but the fact remains: if you rely on the manual labour of CTOs, CISOs and their teams to react to an incident, then you are in for a very rude awakening.

Keep reading
27.12.2021

Are you at risk from the security vulnerability found in the Java-based Apache Log4j logging feature?

A security hole was discovered in the Java-based Log4j logging feature, affecting millions of businesses, government agencies, and cloud services using this popular Apache library. Are you at risk?

Keep reading