IT Protection

Overview: Privacy and protection

In today’s security-conscious world, it’s more important than ever to know where your business data is and how it’s being protected. Business Networks & Technologies acknowledges this. And we’re committed to securely storing your data and keeping it safe from prying eyes.

99.99% Uptime – Guaranteed

Our valued customers require the best service possible. A 99.99% uptime SLA means that your business should expect less than an hour of downtime over a calendar year—and, if it should fail to deliver, your business will be compensated for it.

Availability %               Downtime per year
99.8%                        17.52 hours
99.9% (“three nines”)        8.76 hours
99.95%                       4.38 hours
99.99% (“four nines”)        52.56 minutes
99.999% (“five nines”)       5.26 minutes
99.9999% (“six nines”)       31.5 seconds
99.99999% (“seven nines”)    3.15 seconds

Source: Wikipedia, “High Availability”
How would your business suffer if you couldn’t communicate with customers or employees for a whole day? Or even half a day? With a four nines uptime guarantee, you don’t have to find out.

Privacy and Data Sovereignty

It’s your data. That’s how it’s kept.

Data privacy and data sovereignty

We know the importance of keeping your critical business information safe and secure. After all, the risks of data exposure are significant:

  • It’s your business-critical information. Your cloud contains intellectual property, customer data and financial information. You need to have confidence in how it’s stored and managed.
  • It’s the law. Data privacy laws like the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, SEC disclosure rules, HIPAA and the EU Data Protection Directive govern how data must be protected.
  • It’s your reputation. Data breaches can diminish customer confidence in your company.
  • It’s your liability. Data loss can expose your company to financial and legal liabilities.

We’re committed to protecting the privacy of your data and to making sure you are in complete control of where and how it’s used. Examples of our commitment include:

  • Data resides in the U.S. For customers that run hosted services in the U.S., the data resides ONLY in the U.S.
  • We don’t cooperate with the government for surveillance. We do NOT provide ANY government agency with direct access to the network, applications or systems. And we’re not listed among the Internet companies targeted by PRISM in the leaked documents. If we do receive subpoenas, we will defend our customers’ right to privacy by ensuring that every request complies with the law and by only providing the minimum required information.


Protection and Security

Your data is secured and protected in several ways. If you have any questions, don’t hesitate to contact our technical support experts at (877) 336-7275.

Multi-tenant platform security
The hosted services use multiple redundant, enterprise-class firewall systems to prevent unwarranted intrusions and to ensure only authorized users access your network environment. This purpose-built security system integrates firewall, VPN and traffic management.

The network environment also runs multiple intrusion protection systems (IPS), both host and network, to detect and deter malicious network traffic and computer usage that often cannot be caught by a conventional firewall. The system monitors for unusual traffic patterns and alerts system administrators of any suspicious behavior.

IPS can also help prevent network attacks against vulnerable services; data driven attacks on applications; host-based attacks such as privilege escalation; unauthorized logins and access to sensitive files; and malware (e.g. viruses, Trojan horses, and worms).

Physical security
Each of the world-class datacenters adheres to the strictest standards in physical security. Each datacenter is closely monitored and guarded 24/7/365 with sophisticated pan/tilt closed-circuit TVs. Secure access is strictly enforced using the latest technology, including electronic man-trap devices between lobby and datacenter, motion sensors and controlled ID key-cards. Security guards are also stationed at the entrance to each site.

Employee access
Every employee, regardless of role, undergoes a rigorous background check. Employee access to passwords, encryption keys and electronic credentials is strictly controlled using two-factor authentication and role-based access control. Access to servers is restricted to a limited number of authorized engineers and monitored regularly.

Redundant Internet service providers
Each of our datacenters is serviced by multiple Tier-1 Internet providers to mitigate the potential impact of a Denial of Service (DoS) attack on any single provider.

HIPAA Compliance and Business Email

Are you concerned about HIPAA mandates and the cloud?

Want to ensure that your hosted Exchange email complies with the 2013 HIPAA Omnibus Final Rules? Here are 4 questions to ask any cloud provider.

The Top 4 HIPAA Compliance Questions You Need to Ask Your Cloud Provider

1. Will you sign a Business Associate Agreement?
2. Are your policies and procedures in place?
3. Has your provider had a 3rd party audit?
4. Will you help configure my service?

For many businesses, the decision to move to the cloud is about economics: the cloud provides greater value than an on-premises deployment.

But for businesses that work with Protected Health Information (PHI), there’s a consideration beyond economics: HIPAA requirements.

If you’re concerned about HIPAA compliance, we’ve compiled the four key questions that you need to ask about HIPAA compliance and hosted services—including hosted Exchange email, file sync and share tools, collaboration services like SharePoint, and more.

New HIPAA regulation expands “Business Associate” definition

HIPAA rules state that for a health care organization to be considered compliant, all their “Business Associates” also have to be HIPAA compliant. That’s not new.

What IS new is the 2013 HIPAA Omnibus Final Rule, which expands the definition and privacy protection obligations of “Business Associate” to include subcontractors as far up and down the chain as Protected Health Information (PHI) may be handled. This rule went into effect on March 26, 2013 with a final compliance deadline of September 23, 2013.

This means that datacenters, online backup providers, and cloud services providers can be considered Business Associates if PHI moves through their systems. And that means they need to be HIPAA compliant.
Here’s how this impacts you: you need to make sure that your cloud service providers are HIPAA compliant—because if they’re not compliant, you’re not compliant.

4 questions to ask any cloud provider
Since the financial penalty for HIPAA violations can be severe (up to $1.5M per year) it’s very important that your cloud services provider is compliant. Here are the four most important questions to ask.

1. Will you acknowledge that your company qualifies as a “Business Associate” under the new definition, and will you sign HIPAA Business Associates Agreements?
Business Associate Agreements are required between Covered Entities and Business Associates, between Business Associates and any Subcontractors they use, and between Subcontractors. This goes all the way down the line to any person or entity that contacts or maintains PHI.
Your provider must be willing to sign a Business Associate Agreement that acknowledges their role and responsibility under the 2013 HIPAA Omnibus Final Rule. Without that agreement you really have no assurance that they are compliant.

2. Have you implemented HIPAA-specific policies and procedures, conducted a HIPAA risk analysis, and completed workforce training?
Your provider should be able to provide a clear written statement of policies and procedures to acknowledge that they act as a Business Associate. They should have trained their staff and associates who might potentially handle Protected Health Information.

3. Has your organization submitted to a third-party audit to validate your HIPAA compliance?
Having a 3rd party perform a gap assessment on HIPAA compliance is very important for the cloud provider and offers you valuable protection. It gives them an accurate appraisal of their compliance efforts, and it lends credibility with regulators.

4. Do your services need to be specially configured to be HIPAA compliant, and will you help me with that configuration?
Some services may require special configuration to be fully compliant. Your provider should be able to clearly explain what needs to be done, and they should offer assistance and advice on performing the configuration. Even better, they should configure the service for you.

Do you have any questions about HIPAA compliance in the cloud? Contact Business Networks & Technologies at 1.877.336.7275.