Director, Data Center Operations
LightEdge trusted for data security and compliance
Companies rely on their IT infrastructure and data to power their day-to-day operations. LightEdge, a high security and hybrid hosting provider, is one company that enterprises trust to keep their vital systems and information protected. LightEdge operates three state-of-the-art data center facilities in Austin, TX, and Raleigh, NC—secure locations that provide power, bandwidth, environmental controls, security, and around-the-clock support to businesses of all sizes. As an SSAE 16 / AICPA SOC 2 Type 2 certified company, LightEdge undergoes regular audits of their facilities involving the controls over information technology, policies and procedures, and operational activities. Envoy, also SOC 2 Type 2 certified, plays a key role in LightEdge’s security and compliance.
“For customers, selecting a data center provider to manage all or a portion of their IT is a big decision,” said John Martin, Director, Data Center Operations. “You’re putting mission-critical infrastructure into someone else’s hands.” Each facility allows for 24/7 access for customers and vendors to service equipment and conduct installs. Visitors also include potential customers and partners to evaluate the integrity of their data center company before forming a relationship, and of course, auditors to verify compliance. However, the steady stream of entrants to the facilities poses some inherent risk.
Envoy’s visitor management system helps Martin’s operations team conduct two important tasks:
1. Verify the identity of those authorized to access their facilities and deny access to those who are not permitted.
This all serves the purpose of helping LightEdge maintain industry-leading levels of security and forms a portion of the baseline documentation they need to demonstrate compliance.
Easy visitor tracking for enhanced security
Security is a top priority for LightEdge. “As a business that owns and operates multiple enterprise-class data centers, the importance of physical security cannot be understated,” said Martin.
Envoy helps LightEdge protect their customers’ infrastructure and sensitive data by acting as a first line of defense against physical security threats. “When a guest checks in with Envoy, the team immediately verifies them against a customer database before they’re allowed to enter.”
- The badge-printing feature makes it easy to distinguish between employees and visitors. By customizing the badge template, LightEdge displays not just the visitor’s name and company, but also the badge’s expiration date (critical elements under PCI DSS 3.1.)
- LightEdge can identify and keep track of guests with Envoy’s visitor photos.
“Envoy is intuitive for our customers and guests, and makes critical processes much simpler for my team,” said Martin.
Envoy is intuitive for our customers and guests, and makes critical processes much simpler for my team.
Keep seamless records for audit requirements
“As a hybrid hosting provider that serves businesses in the healthcare, financial services, and other verticals with sensitive data and high security needs, we must maintain compliance with a variety of frameworks such as Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standards (PCI DSS), the Sarbanes-Oxley Act (SOX), and more,” stated Martin. “We are responsible for not only limiting access to our data centers to authorized parties, but identifying and documenting all our visitors.”
Included within these compliance frameworks are specific guidelines relating to the physical security of the IT systems that companies maintain - calling specific attention to the documentation of policies and procedures regarding access controls and record-keeping of all individuals that enter their facilities. Should LightEdge undergo one of its regular internal or external, third-party audits, or their customers be required to do so, it is often necessary for them to provide a record of the individuals that have had access to the customer’s servers over the previous six months. Prior to their use of Envoy, this was an arduous task.
“We’re a leading-edge tech company; we don’t want to use an old school sign-in process,” said Martin. “It was a nightmare to keep track of everyone, and strike a balance between the producing documentation for an audit and providing anonymity for our other clients.” When it came time to deliver information for an audit, LightEdge’s team would have to manually review each access log to black out information connected to other customers—a time-consuming process.
In comparison, Envoy’s digital records are seamless to track. John’s team can search for their customers by email addresses; it’s also easy to export a CSV spreadsheet of relevant visitor data for auditing purposes. This allows them to not only drive efficiency into their business, but manage on one very important aspect of their compliance efforts.
Martin went on to note, “In all, Envoy helps us manage several critical business functions and allows us to maintain the utmost in physical security and compliance.”
LightEdge Solutions acquired OnRamp in July 2018.