Hosting Others’ Data? Evaluate These 5 Critical Areas

When done wisely, hosting data for another entity can be mutually beneficial, but it does come with risks. Recognizing pinch points on the front end is crucial for shared success.

Although more areas can be contemplated, members should begin with the five critical ones detailed below when considering this type of arrangement.

The goal is to introduce process improvements and assign responsibilities among parties to allow for a shared environment to thrive. Members should work with legal counsel to protect themselves with a formal written agreement for services. The agreement should include much of what is highlighted below, along with other necessary provisions.

1. Security

When an organization shares a storage space, physically or digitally, it inherently has shared vulnerability. It is important to limit and protect access so only trusted users are able to gain entry. Keep in mind the Minnesota Government Data Practices Act obligations and how the hosting arrangement will ensure compliance with the law. (See 4. Data Privacy.)

Beyond simply allowing or denying access, other security measures need to be instituted, such as continuous monitoring, access controls and content filtering.

The hosting agreement needs to establish which entity procures and renews any third-party security tools, programs or services; and who is responsible for continued use of such products and services.

2. Performance

It is important for the organization to consider server allocation and amounts of storage needed and allowed. These two points can greatly impact functionality.

It is also wise to know any shared peak times of heavy traffic that can overtax the system and hinder performance. Known fluctuations in traffic can be managed ahead of time through load balancing and caching, as well as other actions and processes.

3. Scalability

When an organization allows another entity to access its storage, the agreement should clearly detail what the other entity’s needs are. Having file size requirements and limits identified on the front end should protect the hosting organization from internal battles among mutual parties for space.

When the host’s digital footprint grows, so does its needs. The hosting party must understand what that means for upgrades and updates, and the impact to others or required maintenance. Establishing storage limits contains costs and helps avoid performance issues.

4. Data Privacy

Arguably the most important concern on the list is privacy. It is paramount that compliance considerations are clear and segmentation is achieved to limit access and protect against unauthorized access or exfiltration of information.

Other steps may need to be taken if sensitive data is being housed. Beyond significant access controls, encryption (in transit and at rest) may be appropriate.

Establishing and adhering to an effective data lifecycle management plan is also an effective step to reduce vulnerabilities and to reduce the amount of unnecessary data consumption.

Data lifecycle basically refers to how long the data is necessary or required (i.e., records retention schedule or business need) to be maintained. Once it is no longer needed, it should be deleted. If it must be kept indefinitely, it can be removed from the server and retained in another storage method.

5. Technical Support

The hosting agreement needs to establish which entity is responsible and available to respond to technical issues.

Responsibility and availability go hand–in-hand, as critical functions or service may suffer if technical issues arise, which they unfortunately tend to do.

Having clear directions to the workforce for reporting issues should be established and having technical folks available to match the needs of the services provided are crucial. If one entity is providing time-sensitive services in public safety, it is essential to have technical support at the ready to ensure no critical services go down and stay down for any significant period.