Secure To The Core Cloud Hosting

Moving to cloud based solutions is making sense for more and more companies. The cloud offers easy scalability, near-infinite resources, high performance, no maintenance headaches and the opportunity to avoid capital investments and pay only for what you use. The one nagging issue is how secure is the cloud, really?

MegaPath, a major player in private networking and hosted IT services, has taken a big step toward assuring businesses that their data and business process will remain private by introducing a concept it calls “secure to the core.” Just what does secure to the core mean and how can it work for your business?

Nearly every cloud service provider touts its security. This generally centers around the data center itself. Many are SAS 70 Type II and SSAE 16 compliant with physical security that include biometric scanning, a full time security staff, video surveillance and a walled fortress. Inside there are redundant power and cooling systems, fire suppression and multiple WAN connections to the outside world. However, this last group is really more about reliability than security.

With proper personnel screening and all the physical and technical barriers to entry, it’s not that hard to physically keep people out who don’t belong in the data center. It’s more difficult to keep them out when they come in through the Internet.

The Internet is a weak link when it comes to any data security program. The most motivated and talented of wrong-doers operate in this domain. They eagerly stalk potential targets to penetrate and make off with intellectual property, credit card numbers, personal data that can be used for identity theft and anything else of value. It takes talented network security people and an array of firewalls and security appliances to protect high value business, organizational and government assets that face the Internet.

This is where MegaPath has a leg-up on a lot of cloud service providers. They also have the latest in high security data centers that meet stringent industry compliance standards. What MegaPath has that most providers don’t is a large private network completely independent of the Internet.

When you think about it, companies with multiple locations or Intranets that include key suppliers and customers don’t really need the Internet for internal communications. In fact, it is highly desirable to keep internal communications on a private network for both security and performance. MegaPath makes this affordable for all size businesses through their nationwide MPLS (Multi-Protocol Label Switching) fiber optic network. The label switching technology of MPLS makes packet forwarding simple and efficient. It also allows customers to chose from eight levels of QoS (Quality of Service) so that time sensitive packet streams get the priority they need to maintain integrity end to end. This is ideal for enterprise VoIP telephone systems and video conference or telepresence.

MegaPath can offer you MPLS network connections throughout the United States plus Managed SSL VPN, Retail Access SSL and Business Continuity SSL. Their compliance services help companies meet regulatory requirements such as PCI DSS, FFIEC/NCUA, HIPAA/HITECH, GLBA and SOX.

Of course, you probably want Internet connections as well to serve the general public and commercial buyers, and for employee access to the vast information resources available worldwide. MegaPath offers a comprehensive security array called UTM or Unified Threat Management. This includes advanced firewall, intrusion prevention, anti-virus protection, Web filtering, anti-spam, Web application control and data loss protection. These UTM services can be implemented within the cloud, at the customer’s premises or in a hybrid configuration.

Are you looking for cloud services that have rigorous physical and network security protections? Get features and pricing for secure network and cloud services from MegaPath and other high quality providers.

Payroll Software In The Cloud For Small Business

There’s a myth that’s grown up with cloud computing that suggests that the cloud only works for large companies. Nothing could be further from the truth. That story probably got started because major enterprises pioneered the move to the cloud. Today, the cloud is as much or more benefit to the SMB as to multinational corporations.

One good example is the SaaS (Software as a Service) Patriot Software. Patriot offers payroll software, tax filing, time and attendance, employee self-server, and human resources software for businesses operating with 50 or fewer employees in the United States. What all this software has in common is that it is hosted in the Patriot data center cloud, not on your PCs or local servers.

You don’t need IT infrastructure to run your payroll system. An Internet connected computer will give you the access to the cloud that you need. That means you aren’t stuck at a dedicated terminal or your desktop computer. You can take your laptop with you and run payroll from wherever you need to be at no additional charge.

Patriot PAY lets you pay your employees the way you want to. You can define your pay frequency, create an unlimited number of earning codes, define your overtime multiplier, and pay with multiple methods such as cash, handwritten checks, printed checks, direct deposit and payroll debit card. Create an unlimited number of user-defined deductions, such as medical, 401K, expenses, etc. Also create company match / contribution rules that can stand alone or be tied to deductions. All of this is done quickly, easily and securely online.

If you are running a small business, you may have gotten started with a manual system and then switched to a software package that runs on your PCs or servers. You know that there are costs above and beyond the initial cost of the hardware and software that is needed to keep your payroll system up to date. This can get into a considerable amount of labor to run nightly and weekly backups to protect your data, maintenance fixes and version upgrades to the software, loading new payroll tax tables and repair and upgrade of the computer equipment.

All of that grief goes away with cloud hosted solutions, also known as Software as a Service. The actual payroll software runs on a sophisticated cloud server system within the Patriot Software data center. All of the data and servers are housed in a SAS 70 Type II compliant facility that features redundant telecom backbones to the Internet, battery backup augmented by diesel generator backup, and full security. The operations center runs 24/7 to ensure that any problems are caught and fixed quickly. Most small companies have limited security on their systems and little or no support after business hours.

Besides physical security, there is electronic security to protect your data. In this case, Patriot Software uses secure socket layer (SSL) encryption just like banks and credit card companies. The data is protected by 256-bit encryption during transmission. The data servers that save your information are not directly connected to the Internet, so no one else can access your information unless they are physically standing in front of the servers.

What you need to ensure access to the system is a robust dedicated Internet access service with a second way to connect, wired or wireless, to ensure that you can get to the cloud when you need to. Everything else is provided for you on a cost per “seat” or “license” per month basis. This gives you the advantage of knowing your costs and buying only the level of service you need to support current business activity. When things pick up substantially, you simply add order up more capability from the cloud. There is no need to go out and invest in an expensive server system and software to run it just so you’ll have the capability when needed. Cloud services are on a pay as you go basis.

Patriot goes one step further by not requiring any long term contracts for their payroll system. If you want to cancel you can do that without penalty and go back to the way you did business before. Chances are, once you move to the cloud, you’ll like it enough to stay in the cloud.

Are you intrigued by this advanced approach to handling payroll but unsure if it’s for you? Try the system free for 7 days using a sample account pre-filled with sample data that you can experiment with. If you like the way it works, you can go ahead and become a customer. Otherwise, the sample account will be deleted at the end of the trial period and you own nothing. You don’t even need a credit card to give it a try. Go ahead and try Patriot PAY cloud-based payroll software now.

Why Demand a SAS 70 Type II Data Center?

If you are considering a move to the cloud or colocation center, you want to be sure that you are dealing with a high quality operation that has the controls in place to ensure the privacy and security of your data. If you are in certain industries, such as health care and financial services, you may well be required to use this type of facility.

SAS 70 is about a very structured audit into the operations of a company that handles customers’ data. It’s done to a standard developed by the American Institute of Certified Public Accountants (AICPA) called Statement on Auditing Standards No. 70, Service Organizations. This isn’t something you run yourself. You hire an independent accounting and auditing firm that performs the audit and issues a written report.

Actually there are two audits and reports. Type I is used to assess the suitability of controls that the organization has put into practice to achieve the security objectives. Type II includes that information, but is also a review of how effective the controls have operated during the time period being reviewed. That’s why Type II is so desirable. It shows that management has not only created a system but is actually performing to the procedures it has put in place.

What sort of things are audited? Important areas for the auditor include management and organization policies and procedures, physical security of the data center, logical security to ensure only authorized personnel have access to customer data, network security and management, application security and change control, system maintenance controls, incident reporting and resolution, change management, transaction processing, use of subcontractors and business continuity.

You can think of SAS 70 as something akin to the International Standards Organization ISO-9000 quality management standards and auditing for manufacturing organizations. They’re not the same thing, but both have the goal of providing assurance that you are dealing with a company that has effective processes and procedures in place and follows them. The principle is that sloppy seat-of-the-pants operations tend to deliver results that are all over the map. Sometimes things work, sometimes they don’t. You are much better off with a provider that can produce the same results over and over reliably.

What you want in a data center or cloud service provider is an operation that is secure and reliable above all. You wouldn’t prop open the back door to your in-house data center and let anyone who wanted to wander around unsupervised. Likewise, you want the peace of mind that the colocation facility that houses your servers has them secured in locked racks or cages and that nobody who doesn’t belong there can get into the data center at all.

The same is true of the networks that transport packets in and out of your servers. Those connections and the data that traverses them need to be under strict control so that your systems and data cannot be accessed by anyone who doesn’t have your express approval. One advantage of moving to a colocation center is that you are literally within walking distance of your carrier and perhaps your cloud service provider. With all the connections in-house, there is less likelihood of service disruptions or outsiders being able to tap into your data stream.

Service reliability is important as well. Having the servers and appliances locked down is great, but they also have to be on-line 24/7 to fulfill their mission. That’s where backup electrical power, cooling and network connections help keep your applications running non-stop is so valuable. The availability of trained technicians nearby is a way to ensure that if something does go wrong, it gets immediate attention.

Are you interested in moving to a high quality colocation facility or cloud service provider? Many now offer SAS70 Type II certification, so be sure to ask for that assurance when evaluating vendors. Get pricing and location for colocation and cloud services using SAS70 Type II Data Centers.