Let’s catch up a bit with news in the data center space:
Japanese giant NTT Communications (NYSE:NTT, news, filings) continued its push in the Asian data center market, announcing the completion of construction of its new Singapore Serangoon facility. It will be fully operational by the end of February, with an official opening set for April. This quickly follows the company’s purchase of a 75% stake in India’s Netmagic last week, and adds to the cloud and infrastructure assets NTT is assembling to address the multinational corporate market.
Over in Europe, the internet exchagne NL-ix says it is establishing a new ‘super-core-site’ with up to 100Gbps port-capacity in Amsterdam. It will be within Equinix’s new AM3 IBX in the ultra-connected Amsterdam Science Park. AM3 won’t be done for a couple of quarters yet, but NL-ix is just planning ahead for growth in traffic levels and peering connections with its third such super-core site.
And there was a flurry of SSAE 16 certifications, as data center providers migrate up from the older SAS 70. DuPont Fabros, NaviSite, and IO each announced meeting the new standards at one level or another. QTS did the same a few days ago, and I’m sure others have similar announcements in the queue. Meanwhile, Terremark (news, filings) [a subsidiary of Verizon (NYSE:VZ, news, filings)] said they have received PCI DSS v2.0 certification for credit card processing at six of its cloud-enabled data centers.
And finally, data center REIT Digital Realty Trust (NYSE:DLR, news, filings) reported its Q4 earnings and offered up 2012 guidance. I don’t yet understand REIT financial stuff, but the street seems to have been happy enough with the company’s projections given that the stock price is now over $70 and at what looks like an all-time high.
If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!
Categories: Cloud Computing · Datacenter · Financials
It’s important to note that there are three versions of SSAE 16: SOC (Service Organization Controls) 1, SOC 2, and SOC 3. SOC 1 is essentially equivalent to SAS 70, and shows that an organization is doing what it says it is doing, with an emphasis on financial controls. SOC 2 imposes a stricter security framework that goes well beyond financial controls (around what are called “Trust Service Principles”), and SOC 3 generates a report suitable for public distribution, which comes in flavors labeled “SysTrust” and “WebTrust.”
SAS-70 was heavily misused to try to give the impression of a security validation. Now, if you see a SSAE 16 which doesn’t have SOC 2 or SOC 3, you know there hasn’t really been a security validation.
Oh, an important clarification–like SAS 70, SSAE 16 SOC 1 and SOC 2 come in Type I and Type II varieties, which is not to be confused with the SOC 1/2/3 levels. SOC 3 comes only in Type II. Type I means that controls have been described and assessed based on the description but not tested; Type II means the controls have also been tested.
Thank you for those points Jim. I’m still getting up to speed on SSAE 16, and appreciate the clarification.