How hosting and IT operations increase a company’s resilience

Resilience – the ability of a company to withstand and adapt to disruptions and damage – is understood in the corporate context as a capability that affects several areas.

• Operational resilience: ensures business continuity in the event of an incident.
• Strategic resilience: describes a company’s ability to respond to changes in the economic, social and political environment.
• Financial resilience: defines financial health and thus the ability to overcome a crisis.
• Social resilience: recognizes that a company’s resilience depends on the social and political resilience of its communities.
• Organizational resilience: describes the ability of employees, culture and structure to deal effectively with any disruptions that occur.

The technology, material and human resources for operations are therefore a central part of creating operational resilience.
Before deciding on an external service provider for hosting and IT operations, this should be evaluated.

COMPLIANCE: THIS SHOULD BE THE REGULATORY AND ADMINISTRATIVE BENCHMARK FOR HOSTING AND IT OPERATIONS

The hosting and IT operation of applications require a broader view compared to on-premise solutions:

What data protection must achieve:

How does a provider implement technical and organizational measures?

• What authentication and access control mechanisms are in place at a provider for hosting and IT operations with regard to access control?
• What back-up concepts are in place?
• What encryption is in place?
• How is the legal area defined?
• Where is the data stored?

In a nutshell: What do providers do to protect sensitive data?

What SLAs should address:

• What response and reaction times are desired?
• Who has data sovereignty?
• Data backup/restoration: What measures are taken to back up and restore the hosted data? In which cycles are backups made?
• What scope of services is agreed?
• Monitoring/security notifications: How is monitoring carried out and alerted in an emergency? What logs are created in the event of incidents?
• Which process descriptions are relevant?
• What language is used for communication?
• Contract and service level agreements: On the legal basis of which country is the SLA based? Which languages are served? What are the back-up and disaster recovery functionalities? What does rights management look like? Is there monitoring and if so, how? Who is liable? Questions like these are crucial when choosing a company that offers hosting and IT operations.
• Where are the copyrights located?

Updates and patches: What processes and routines apply to hosting and IT operations with regard to updates and patches?

What happens to the data at the end of the contract term?
These are just a few examples of aspects that a good SLA should address.

NORMS AND STANDARDS IN CONNECTION
WITH HOSTING AND IT OPERATIONS

The following certifications can already cover the majority of compliance requirements and ensure adherence to specified standards:

• Certification and testing in accordance with ISO/IEC 27001: Information security management system
• ISO 27001: Certification on the basis of IT baseline protection
• ISO/IEC 20000-1: Service management system
• ISO 9001: Quality management system
• ISO 14001: Environmental management system
• VdS 3406: Object-specific security management system
• PCI DSS: Payment Card Industry Data Security Standard
• ISAE 3402 Type II: Internal control system based on COBIT 5

DATA CENTER: WHEN IN DOUBT, VISIT ON SITE

When it comes to technology, there is indeed an expiry date. The choice of data center should therefore be based on the modernity of the hardware installed and the quality and dimensions of the network architecture should be taken into account. Redundancies are mandatory, preferably even geo-redundancies, with which the “backup area” can be extended globally. Monitoring is the law in a data center! Real-time monitoring can only be ensured if modern management tools are used. Cooling and air conditioning and the necessary infrastructure and technology are must-haves for stable operating temperatures and therefore secure hosting and fail-safe IT operations. Keyword fail-safe: the power supply and an alternative operating mode over a longer period of time are essential.

PERSONNEL: THIS IS WHERE THE WHEAT IS SEPARATED FROM THE CHAFF IN HOSTING AND IT OPERATIONS

Any customer support is only as good as the staff who can act in the background. The employees at the service desk of a hosting and IT operations service provider are in direct contact with the end user – both for questions relating to day-to-day business and for fault reports. Priority A: Prioritize, classify and, above all, document well. IT specialists for system integration, IT system technicians or IT service technicians who are well versed in Microsoft server and client operating systems or Oracle databases, for example, and are also very familiar with hardware and network technologies or the cloud environment, act in this key position.

IT administrators are responsible for the “field” and, in addition to troubleshooting, are also responsible for operation, maintenance and administration, such as Windows or Linux servers. System availability stands and falls with them. They provide functions and services and take care of user administration and the like.

In order for the technology-savvy to be able to concentrate fully on their core business, every company needs efficient operating processes for hosting and IT operations, in which projects are managed, commercial matters and, last but not least, budgetary or contractual issues are clarified. If companies pay attention to the parameters listed here, they have the best prerequisites for operational resilience.