Compliance and Security in the Cloud
A Q&A with Dan Timko
Dan Timko is President & CTO of Cirrity, a provider of compliant cloud services to managed services providers (MSPs), value-added resellers (VARs) and Independent Software Vendors (ISVs). Dan has more than 15 years of information technology and information security industry experience and is a member of the Cloud Security Alliance, Information Systems Security Association and InfraGard. He is also on the Service Provider Advisory Boards for both VMware and Cisco.
StrataCloud: Tell us a little bit about your company and who you serve?
Timko: We are an “X as a Service” partner so we provide everything in the IT infrastructure arena from disaster recovery (DRaaS), desktops (DaaS), backup (BaaS), and core infrastructure (IaaS). We are strong in the midmarket and we started with a strong customer base in healthcare and financial services. Due to the high compliance needs in those fields, we found that our expertise is useful in other industries where security is a major concern. The partners that we sell to white label or co-label the service and sell it to their end customers.
StrataCloud: Do you compete with public cloud providers such as AWS or Azure?
Timko: While there is overlap, I don’t consider those providers to be our competitors. All of the hyper-scale providers have to be so standardized which means that they can’t be flexible for customers. We’ve had some customers that needed to have a physical server on site as part of the cloud infrastructure setup. You can’t do that with AWS. Our firm is more flexible to midmarket needs and we provide a strong support element. The big providers like AWS don’t know who you are and they are not going to do anything special for you.
StrataCloud: What are companies looking for in a “fully integrated compliant cloud service offering” as your website describes?
Timko: On the security and compliance side, you don’t have to read much in the news to know that security and privacy are top concerns right now. We show our commitments in this area with a rigorous program of audits and certifications. We were the first provider in the US to achieve the Cloud Security Alliance STAR certification, for instance. We spend a lot of time with audit teams from multiple agencies who come in here and assess what we are doing. This is a point of trust with customers and doing diligence on providers is probably the most important thing a company can do in moving to cloud computing.
StrataCloud: How have those requirements changed for CIOs/CXOS in the last year or so? What are people most worried about or needing today?
Timko: The main concern is control and data ownership. Companies want confidence that even when their infrastructure is in the cloud, they still own the data. Our customers can access data whenever they choose and they maintain ownership. In security, people are looking for a level of maturity. Customers are asking questions on how we are protecting their environment, where are the lines of delineation. As an infrastructure provider, we control the platform and the equipment and the data center but at a certain point, we hand off management to the customer. They manage the security settings of their servers and the build of their servers.
StrataCloud: What are your thoughts on the evolution of “unified management infrastructure” such as the solutions offered by StrataCloud?
Timko: I think it’s on everyone’s radar for companies at a certain scale. In the midmarket and enterprise it’s huge, because infrastructure has become incredibly complex in recent years in terms of the number of moving parts and configurations. So, having a management system that can rein in all the moving parts is important to reduce costs and the risk of human error. Using systems that can create policy-driven rules enables infrastructure to scale at a more successful rate than if it’s all done manually. Everyone is trying to determine the right solution for that. To date there are lots of siloed solutions that control their own stacks and can maybe integrate with others. It requires a lot of customization to pull these systems and tools together and make everything work like a fine-tuned engine. With companies moving toward the software-defined data center, having unified management infrastructure tools is even more important.
StrataCloud: Yet it seems like IT people love having a bunch of different tools at their disposal.
Timko: I do think companies want to simplify, especially larger companies where they are driven to reduce operational costs. That is a huge requirement for CIOs – to spend less money maintaining what they have and more on making things better. Qualified people are incredibly expensive to hire and they are rare commodities. If you can invest in technology that reduces the time that skilled engineers must waste on managing infrastructure, that’s a solid investment that can really pay off.