Skip to content ↓ | Skip to navigation ↓

Would you let an architect build your new home without checking their references?

My home is my sanctuary and I would ensure the person building it would construct a home that is safe for me to live in as well as a place I want to spend time in. In addition to their experience and professionalism, what others say about them is one of the most critical, if not the most critical, components of any decision making process.

The same is true of a colocation environment. It is not just a “house” for your assets, but rather, a “home” for the infrastructure that enables your business. I recently underwent the process of choosing a colocation provider. I approached it with the same three vectors as I used for constructing my new home.

Show Your Experience

The first step in identifying the right workers is to show their experience and ensure it meets your expectations.A request for proposal (RfP) process baselines every participant and provides the opportunity to show their value in a standard, fair way. Include physical security concerns as well as logical ones, such as protection against threats to client data, if using their networks.

Are they are Tier III or IV datacenter ( What are their specific redundancy infrastructures? What are their maintenance schedules? What about fire detection? Once submitted, an initial tour is a nice way to get a sense of the environment you would be working in.

Make sure you request appropriate credentials and certifications appropriate to your industry. Are they SOC 2 certified for their processes? Or is SSAE16 sufficient? Do they need to be PCI compliant?

If you are international, do they have ISO Certification? What about LEED certification for energy and environmental design? If you have regulatory needs, check for HIPAA, FISMA, and perhaps NIST.

Do They Work Professionally and Efficiently?

Have the provider show you their run books and do an operations test. Make sure to check on what happens in off hours, escalation procedures, and mitigation strategies.

Include security concerns here, as well as the hard questions like SLA agreements and penalties. They are critical to parse out early.

Prove it with References that will Validate the First Two Requirements

References can provide you with a true insight into provider behavior if you are prepared with the right questions. Make sure to ask the provider for references that are similar to you (e.g., industry and size) to ensure relevance. Be prepared with questions that highlight operational response and commitment.

Ask for examples of a tight timeline or a critical outage and how the provider responded to those scenarios; they inevitably happen. Ask for strengths and weaknesses. Ask how long they have been with the provider and if they will continue/renew (and why), if long term sustainability/relationship is important to you.  Perhaps use LinkedIn to get references they don’t provide?  Those are the most valuable!

When I chose a home builder, he was able to validate his credentials, show me client references and provide a model home tour; I felt like I was walking into a mansion. They had used space and light so well, while maintaining a cozy feel that made me want to stay.

The colocation provider did the same. By working through a Request for Proposal (RfP) process, they demonstrated standardization, including appropriate certifications. The tour validated those data points. The operational component validated their knowledge from top to bottom of the organization. The operations manager knew the same answers as did the NOC personnel.

This is comforting to know that I can escalate and know the person on the other end knows how to handle tough situations. Finally, one customer in particular spoke to me about the way the colocation provider handled issues and outliers. It provided me confidence that the colocation provider would partner with me to solve my business problems, rather than just providing me space and power.

Because I planned and knew what I wanted, I adore the house that I live in and plan to live there a long time. It is a safe place and I enjoy the space. By doing the same research and planning with my business’ colocation provider,  I have also found a secure home for our assets, where I know I will be safe from threats and treated as a partner, for a long time relationship.


Related Articles:



picCheck out Tripwire SecureScan™, a free, cloud-based vulnerability management service  for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management – a widely recognized security best practice among large corporations – easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology.


picThe Executive’s Guide to the Top 20 Critical Security Controls

Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].


picDefinitive Guide to Attack Surface Analytics

Also: Pre-register today for a complimentary hardcopy or e-copy of the forthcoming Definitive Guide™ to Attack Surface Analytics. You will also gain access to exclusive, unpublished content as it becomes available.


Title image courtesy of ShutterStock

Tripwire University
  • Cloudpro

    In a cloud computing system, you can find a significant amount of workload shift. The local computers are no longer required to carry out the heavy lifting thing to run a number of applications. The network of computers in the form of cloud deals with the same.

  • Dean

    ‘Would you let an architect build your new home without checking their references?’

    This should be the case with any proposition with any project of any scale. Experience and references will be any service providers core back up to extensively show their cutting edge marketing strategies. And to be honest, with the amount of information out in the world wide web, it can be said you can find pretty much any information you can in regards to an organisations practices. Additionally, certifications and regulations which are adhered to will increase perceptions and image and for a security project your underlying concept is RISK.

    • Mandy Huth

      Dean, you are absolutely right. With information so openly available, reaching out for others' experiences with said company at LinkedIn, checking certifications, and requesting customer references will all help decrease your risk, which should always be a "go-no go" decision point. Thank you for pointing out the publicly available information we should leverage.