How compliant are you? Carpathia gets Ethical with its federal hosting service
7/14/2010
Carpathia Hosting, based in Ashburn, Virginia, has been competing with a number of managed hosting providers including Terremark, Virtustream, Savvis and Verizon Business for attention in the US federal government space. And winning that kind of business in the Washington DC area requires speaking the language of compliance and security. Now the company has signed up Ethical Advocate, a provider of ethics and compliance training and services delivered by means of a Web page for whistleblowers and other confidential vehicles (including hotlines) for reporting non-compliance with the Sarbanes-Oxley Act, Federal Acquisition Regulation and other regulations about ethical standards.
The motivation behind the sudden need to move to a more compliant environment is that the company contracted to provide anonymous hotline services to the Durham VA Medical Center in Durham, NC. In fact, Ethical Advocate was drawn to Carpathia due to Carpathia's highly secure turnkey Federal Information Security Management Act (FISMA)-compliant hosting facility and for its management services. The applications themselves will continue to be provided and managed by Ethical Advocate's parent company, KJAS, which produces security software, appliances and security expertise.
Carpathia has also signed up Ceridian LifeWorks to supply federally compliant managed hosting services in support of Ceridian's contract with the Department of Defense to provide Military OneSource (MOS) services. Ceridian Health and Productivity Solutions offers services that help companies, government and military organizations attract top talent and reduce health care costs. MOS, on the other hand, provides support to military personnel and their families, including reintegration support; relationship, financial and parenting counseling and information about finding health care and insurance. Although it may not sound like intensive usage of managed infrastructure, consider the fact that there are 2.7 million eligible military personnel and their families across the world, and security is high on the agenda.
What won the customer for Carpathia was the firm's growing reputation in the federal space, presumably brought about by its federal sales team, and its ability to successfully complete the certification and accreditation process and obtain an authority to operate (ATO). The managed hosting offering includes HA servers and redundancy from the network through to the storage layer, as well as compliance. It also includes a mirrored facility using Carpathia's Phoenix datacenter, providing the DR and continuity of operations (COOP) capabilities that are required to meet the government's recovery point and recovery time objectives.
Due to the rigor of meeting compliance standards, the products have specifically been placed in Carpathia's most secure datacenter, known as the Vault. This facility came about as a result of the ServerVault acquisition last year. The products that Carpathia gained at the time were from ServerVault, which was particularly well versed in federal compliance standards, including FISMA, the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) and agency-specific mandates. On the health care side, this includes the Health Insurance Portability and Accountability Act (HIPAA) and electronic health records management, and in the financial sector, it includes standards such as SAS 70, Payment Card Industry Data Security Standards, the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act.
Ethical Advocate itself relies on a reputation for rigorous auditability in terms of security and compliance, as does a company like Ceridian. This is a feather in Carpathia's cap considering the rigorous needs of FISMA-compliant hosting (requiring a great deal of documentation, and personnel and operational reviews). This is also interesting because we're used to seeing North Carolina opportunities fall into the hands of local hosting incumbents like Peak 10, Hosted Solutions and Consonus. It shows how regulation continues to be one of the drivers of outsourced managed services, and how important it can be to have referenceable government contracts and to be relatively close to the federal government decision makers. The deals should bring with them a reasonable flow of growth, considering the number of contractors and government agencies that are using Ethical Advocate's hotline services, and the potential volume of military personnel using Ceridian's MOS services.

