I recently stumbled across an article describing data loss horror stories from 2011. The most disastrous occurrence described a server being struck by lightning, subsequently set on fire, and incurring water damage from the fire department’s attempt to extinguish the fire. Amazingly, the provider was able to recover all of the data from the charred servers because the company had their data backed up through a cloud service as part of their disaster recovery. Unfortunately, not everyone has a back up recovery plan or is subscribed to a cloud provider who can restore data after such a detrimental disaster. Choosing the right provider who offers the right services is a matter of patience, rationale, meticulousness, and a little bit of common sense.

When it comes to cloud security, one of the most popular features offered by providers is security auditing.  Security audits are what a provider uses as a method of inspecting and maintaining a company’s internal controls, which consist of policies, procedures, and safeguards. The renowned audit, SAS 70 type II, was conceived in 1992 and has since evolved to form SSAE 16. Though both of these audits are commonplace in the security realm, like most other features they do not come without disadvantages that need to be addressed and weighed against advantages by the person or company utilizing the audits.

On March 1, 2012, Massachusetts General Law Chapter 93H and its new regulations 201 CMR 17.00 final procedure went into effect – the provision of which included 3^rd party vendors.

This law, at its most basic premise, protects Massachusetts residents against identity theft and fraud. While the ruling may seem almost obvious and even stir some déjà vu, it’s probably because the law was actually put into practice on March 1, 2010 and similar laws have already been perpetuated in California, Maryland, Nevada, Oregon, and Texas. This final step in the new law was for contracts entered into before the 2010 date that were grandfathered in. The March 1^st, 2012 date completely nullified any grandfathered contracts.   Now, ALL companies or persons in Massachusetts who store or use personal information about Massachusetts residents must have created a written and regularly internally audited plan to protect a Massachusetts’s customer or user’s personal information that includes additional WISPs from third party vendors who also have the ability to see personal information.

It can take new IT consultants anywhere from a couple of weeks to over a month to acclimate themselves to NSK Inc’s work style, ethic, and load. NSK’s newest team member, Ahmed Fadili, didn’t need such a substantial time period to become oriented. In fact, Ahmed was on site with a client during his very first days on the job. Determination and experience like this can be hard to come by and since February 6^th, NSK has felt lucky and excited to have Ahmed spearheading the charge to find solutions to any technical problems encountered by clients on a daily basis.