Recap: Online Tech celebrates opening of new Indianapolis data center

Indianapolis greeted us with perfect blue sky and unseasonably warm fall weather last Thursday. It was a perfect backdrop for celebrating the opening of our new data center and kicking things off with an Open House to meet our new Indianapolis neighbors and introduce ourselves.

The afternoon started off with a guided tour of the freshly renovated 44,000 square foot facility. Visitors got a sneak peak of both the facility and a chance to meet many of the Online Tech data center team. We started by sharing why we love having Midwest data centers — no hurricanes, no earthquakes, few tornadoes, and a cool climate (below, left).

Then, a walk through our compliant hosting timeline: SAS 70, SSAE 16/SOC 1, SOC 2, HIPAA, PCI, Safe Harbor and an opportunity to meet our wonderful auditor, David Barton (below, right), Managing Director of UHY Advisors, who flew into Indianapolis to join us for the event (and no doubt check a few of our controls :-) ).

We went on to share some insights into our philosophy of Exceptional Experiences, grounded in our four core values:

  1. Win-win or no deal

  2. Great ideas win

  3. Highest credibility

  4. Client focus

We had a chance to highlight our third quarter exceptional experience champion,  Mike Kroon, for not only meeting all of his goals, but also creating exceptional experiences for clients by listening carefully and delivering to their expectations.

Karen Maloney, our Client Services Manager, womanned our Network Operations Center and introduced various members of the client services team (below) throughout the evening while explaining the various monitoring across Online Tech’s network of five Midwest data centers.

Jason Yaeger, Online Tech’s Director of Product Development, highlighted features of Online Tech’s secure, compliant encrypted cloud (below), answering questions about scale out Flash arrays, backup and recovery services, and various other techy topics. Tip of the hat to the professors from Indiana State University for great questions!

Downstairs, Director of Infrastructure Nick Lumsden showed off the engine of the data center (below): power, cooling, and network systems. Nick answered questions about high availability, redundant infrastructure, the Indy facility and our four other data centers.

We were thrilled by the turnout and enjoyed meeting a wide variety of Indiana’s finest from IT and security experts to healthcare compliance specialists, technology students, and even a surprise visit from Indianapolis Mayor Gregory Ballard (below, with Online Tech co-CEOs Yan Ness and Mike Klein).

TechPoint president Mike Langellier (below, left) kicked off a series of brief remarks. He afforded a gracious introduction to Indianapolis’ tech community and shared some of the exciting growth of IT professionals coming to the area in response to internships and externships. Mike presented Online Tech with TechPoint’s Pillar Partner Award (below, right), now proudly displayed in our conference room.

Richard Anderson, IT Service Manager at Kelly Services (below, left), joined us from Michigan to speak about his experiences as an Online Tech client since 2010. Richard shared stories about the importance of partnership in the ever-evolving landscape of technology, and his insights into what it’s like working with Online Tech’s support and client services teams.

Lance Thompson, president of Baseline Data Services (below, right), reflected on his decision to become Online Tech’s first Indianapolis client to support his company’s disaster recovery services before a champagne toast and refreshments concluded the evening.


Miss our Indianapolis Open House? You have one more chance to help us celebrate this year at the Open House celebrating our new Metro Detroit data center from 3-7 p.m. on Tuesday, December 2. Register to save your seat!


Bringing secure, compliant hosting to Indianapolis

TechPoint is driving Indiana’s technology growth

Client profile: Baseline Data Services serious about disaster recovery

Posted in CEO Voices, Data Centers, Online Tech News | Tagged , | Leave a comment

Join Online Tech at cloud-focused TechEx in Detroit on Wednesday

Considering a move to a cloud-based infrastructure? You’ll want to join Online Tech at TechEx | Fall 2014 on Wednesday, Oct. 29, at Ford Field in downtown Detroit.

One of Michigan’s premier technology events, TechEx is hosted by Data Strategy, an advanced IT solutions and support company headquartered in Grand Rapids and with locations in Detroit and Indianapolis. (Strikingly similar to Online Tech’s footprint that includes a Metro Detroit location among four Michigan data centers and one Indiana data center, which is one of several reasons we’re sponsoring TechEx and have partnered with Data Strategy.)

The event begins at 9 a.m. with tours of Ford Field (we get to kick a field goal!) and includes a keynote address from Bob Gill, a research director at Gartner. He will discuss the trends in public and private cloud solutions that help organizations with the on-boarding process to the cloud.

Immediately following, Gill will moderate a panel discussion with industry leaders titled “Cloud Uncovered; Real Perspectives,” which will focus on strategies for adoption and tactical measures taken as CIOs and CTOs discuss “what, where, when and how the cloud will be utilized in their infrastructures.”

Online Tech will be among the organizations exhibiting their products at the event – and we’re giving away a drone! So be sure to stop by.

Posted in Cloud Computing, Michigan Data Centers, Online Tech News | Leave a comment

Offsite backup and recovery: Understanding the hidden costs

Online Tech Director of Product Management, Risk Management Officer and Security Officer

The cost of data loss can be staggering. A study at the University of Texas tells us that 43 percent of companies that experience a catastrophic data loss never reopen, and that another 51 percent close the doors within 10 years.

For small- and medium-sized businesses, the cost is even more staggering: 70 percent of companies with fewer than 100 employees that experience a catastrophic data loss go out of business within a year, according to DTI/Price Waterhouse Coopers.

Smart companies know offsite backup and IT disaster recovery are necessary priorities, but those with first-hand experience knows it can be both complex and unreliable. According to the Boston Computing Network, 77 percent of companies who tested their backup tapes discovered failures. Gartner tells us that 50 percent of backup tapes fail to restore. Companies need reliable offsite backup and recovery options that don’t break the bank to protect data.

Part of controlling costs for your company’s backup and recovery solution is to start with a thorough risk assessment to prioritize what systems are most important to protect. Loss of critical systems tied to daily revenue can be devastating, but chances are that some data, such as archives, can afford a longer recovery process. Start with understanding what systems must be restored immediately compared with those your business can afford to wait on for a while.

What does backup and recovery cost?

Easily quantifiable backup and recovery costs may include one or more of the following:

  • Backup IT Infrastructure. This includes capital expenses such as data storage, application software and networking, as well as the maintenance costs associated with that equipment.
  • IT Backup Operations. Operational costs include systems management and administration, as well as reporting.
  • Data Center Costs. The footprint of your backup infrastructure in the data center creates associated facilities, power and cooling costs.
  • Offsite Data Logistics. Associated costs include transportation as well as storage and handling fees.

These items – infrastructure, operations, data center footprint, and offsite storage – form the basis of your backup TCO, but don’t paint the whole picture. There are hidden costs that don’t always make it into the proposal when you’re implementing a new solution.

Make sure to account for the following costs of offsite backup and recovery solutions, as well:

  • Business continuity and disaster recovery planning and risk assessment. Yes, it costs more, but without it, you may up spending more on non-essential systems while sacrificing the protection of critical systems.
  • Increased operational complexity. It’s hard enough to track everything in the production environment. Add a whole new recovery environment (one you hope to never use) and the burden on your people and processes increases exponentially. If you don’t account for the increased demand on your time, you’re likely to find out that your production and backup environments are out of sync at the worst possible moment: during a recovery situation.
  • Greater preparation for regulatory compliance, encryption and audits. If your protected data is subject to regulations like HIPAA, PCI, SOC 2, or Safe Harbor, don’t forget that you must add the backup environment to your audits. Many regulations call for offsite backup; make sure your environment meets your standards. Are you adding encryption? Make sure to account for potential performance issues for your production systems and test a full backup to verify you can complete a backup within your allotted window.
  • Cost of media. If your organization relies on traditional tape backup, factor in your media costs for the volume of protected data your organization will have one, two and five years from now.
  • Recovery time. Part of a good Business Impact Analysis includes a realistic look at the impact to the business during recovery time. If your business loses a single critical file, and you are forced to restore an entire server or wait for the backup tape, consider the time and money being wasted. Compare this to file-level restoration options that allow the recovery of a single file within minutes of an online click. By the same token, if you know the cost to the business of a critical system, it lets you make better decisions about how much to spend to protect it.
  • Duplicate data storage. Many situations call for both an onsite and an offsite backup. Factor in everything above again if you must maintain both.

Total Cost: An example

Each business has its own unique offsite backup and recovery needs, but I’d like to share an example from our own experience.

When Online Tech first made the transition to leveraging enterprise cloud for offsite backup and recovery years ago, we were able to reduce our redundant stack of backup servers from 23 to two. As you can imagine, the capital savings alone were compelling. Add in the hassle of maintaining all of those servers and periodic replacement, and you can see that any organization using multiple physical servers for offsite backup can benefit from the efficiencies that cloud based backup and recovery offer.

We didn’t just save resources; we saved time. In our redundant stack of 23 physical servers, actually completing a fail over test was a challenge. In the cloud, we had critical systems back online in 45 minutes, with all systems back within four hours. Even better, we are able to spin up new cloud servers quickly. We can even put small clouds on standby where we can amplify resources in a matter of minutes as an alternative to either spending the money to maintain completely redundant infrastructure or waiting days or weeks for new physical servers to arrive.

Moving from traditional physical backup and recovery paradigms to cloud based backup and recovery isn’t just an efficiency improvement, it’s an entirely different mode of protection.

Today’s enterprise backup and recovery solution affords us additional savings with deduplication to reduce backup windows further, along with the nuanced control of being able to restore just one file in the event it is accidentally lost or damaged. As anyone who has had to restore an entire snapshot image will tell you, it is much faster to click the button to bring back a single file than it is to restore an entire server. Waiting for that same file from a tape backup? Prehistorically slow.

If you have questions about transforming your organization’s offsite backup and recovery, here are more resources that may prove helpful:

White paper: Disaster Recovery

Online Tech’s Offsite Backup and Recovery

Webinar: Technical Disaster Recovery Implementation

Posted in Data Centers, Disaster Recovery, HIPAA Compliance, PCI Compliance, Safe Harbor, SAS 70/SSAE 16/SOC | Tagged , | Leave a comment

We spent HOW much time to restore that backup file? Significantly less with file-level restoration

Offsite backup: a necessary evil that can be unreliable, hard to track and expensive to support. We know; it’s not what you got into technology for. Nonetheless, the business depends on putting mission-critical data offsite for those just-in-case moments of disaster.

The problem is, most “disasters” tend to be a single file that someone accidentally deleted or that got corrupted somewhere along the email chain.

Granted, if the primary business location becomes a smoking hole in the ground (perish the thought), we would be thankful to have all of that data available in a remote location somewhere so at least we know it could be restored “some day” instead of “never.” But for the normal course of doing business, what a hassle!

Option A: Recover your offsite backup file from tape

Let’s say accounting needs one file back from offsite tape backup. OK, here we go:

  1. figure out where the file was located,
  2. identify the right tape,
  3. recall the right tape from the vault,
  4. retrieve the tape from the offsite location,
  5. halt any currently running backup processes,
  6. swap the tape back into the library,
  7. attempt to restore the file (50% – 77% fail rate depending on the cited source),
  8. copy it back to the original location,
  9. notify and validate that the restored file is accurate,
  10. pull the tape back out of the library (make sure you have the right one),
  11. prepare for sending it back offsite,
  12. return tape to offsite location and verify its arrival.

When you add up all of the time spent, it could easily reach four hours for an experienced system admin to reliably restore one file. That’s four hours of time NOT spent on the mission-critical projects that are tied to helping the business achieve current goals, one of which is not spending inordinate time on the restoration of single backup files.

Option B: Recover your offsite backup file from snapshot

Maybe you’ve convinced your organization to make the transition from tape to a digital alternative like regular snapshots, meaning taking and storing images of the entire server on a daily basis. Now the restoration of that single file looks like this:

  1. figure out where the file was located,
  2. identify the right snapshot,
  3. download the entire server snapshot,
  4. restore the entire server on local hardware,
  5. find the file,
  6. attempt to restore the file (better odds here over tape),
  7. copy it back to the original location,
  8. notify end-user and validate that the restored file is accurate,
  9. delete the temporary server and downloaded snapshot.

From the initial request to getting the file restored and cleaning up the restored snapshot server, you might have cut the four hours of time to two. Nonetheless, it’s still the time of a resource with a well-paid skillset whose time is undoubtedly better spent elsewhere. Let’s hope you only get these requests occasionally.

Option C: Recover your single file with self-serve file-level restoration

When you have the opportunity to guide your organization to consider an offsite backup and recovery that makes the most effective use of your resources, consider the next two options when factoring in the real costs of your staff.

This is where your blood pressure starts decreasing and you get to allocate more resources on your critical business projects instead of recovering errant files.

If you can leverage a recovery technology that affords file-level restoration, you can use point-and-click with Windows, or console access with Linux, to do the following:

  1. login into your backup server,
  2. browse (Windows) or change directory (Linux) to the location of your file,
  3. select the version you want to restore (yesterday’s? last weeks?),
  4. specify target destination,
  5. click file (windows) or enter console command (Linux),
  6. wait for file to download,
  7. notify end-user it has been restored.

Our clients report it takes 5-15 minutes, depending on file size. Obviously this will depend on how much data you’re restoring and your connection speed. It’s also fair to say that you probably don’t need your most senior system administrator performing these tasks. They don’t have to know how to spin up a new server, be familiar with tape libraries, or unwind a snapshot. In addition to spending less time, you may be spending less for the time spent.

Did you notice the omission of verifying the file restored correctly? Not necessary if you have integrity validation at the time the backup is performed. More about that in a future post.

Option D: Managed file-level restoration

Some providers are now offering a managed flavor along the lines of Backup-and-Recovery-as-a-Service (everything needs to be available “-as-a-Service” these days, right?) In this case, file restoration might be as simple as:

  1. call or submit a ticket with the name and destination of the file to be restored,
  2. notify end-user when it has been restored.

Will you pay more for file-level restoration and managed recovery services? Probably, but don’t forget to factor in the time, headaches, and human resources of managing the “less-managed” solutions.

Cheers to fewer, faster recoveries!

Credit to Nick Lumsden for insights into the pains of backup and recovery.


7 questions to keep your offsite backup and recovery out of the outhouse

7 business drivers for your backup and recovery strategy

White paper: Disaster Recovery

Posted in Cloud Computing, Data Centers, Disaster Recovery, Information Technology Tips | Tagged , , , , | Leave a comment

TechPoint is driving Indiana’s technology growth

Upon moving into the Indianapolis market with the opening of a new 44,000 square foot data center, one of Online Tech’s first orders of business was to become as ingrained in the Indiana tech community as it is in Michigan’s.

With the ‘Victory’ statue that sits atop the Soldiers and Sailors Monument in downtown Indianapolis outside his office window, TechPoint president and CEO Mike Langellier seems to be winning the quest to grow Indiana’s technology base.

Hello, TechPoint.

Led by president and CEO Mike Langellier, TechPoint is a nonprofit economic development organization leading Indiana’s technology growth initiative. It is successfully doing this by focusing on talent recruitment, entrepreneurship and marketing tech and health information technology (HIT) cluster development in the state.

Impressed by the group’s work, Online Tech signed on as a TechPoint Pillar Partner, joining organizations like Eli Lilly and Company, AT&T Indiana and Comcast Business that contribute $25,000 or more annually to the effort.

TechPoint received a boost two years ago when its board of directors lured Langellier from his fast-rising career as an entrepreneur and software executive and charged him with leading the growth initiative into a next generation economy. Langellier accepted the challenge and the impact of his passion for tech and startups and vision of the future is already rippling through the ecosystem.

Whereas TechPoint had previously been known primarily for its networking events, Langellier ushered in a strategic shift to focus on the challenges and opportunities such as talent attraction and retention, capital investment and media promotion.

Langellier will discuss TechPoint and help welcome Online Tech to the Indiana tech community during the grand opening celebration of its Indiana data center, scheduled for 3 to 7 p.m. on Thursday, Oct. 23.

Brief remarks from Langellier, Online Tech co-CEO Mike Klein, Kelly Services IT Service Manager Richard Anderson, UYH LLP Managing Director David Barton and Baseline Data Services founder and President Lance Thompson are part of the itinerary at the no-pitch, behind-the-scenes look at the secure, multi-compliant, enterprise cloud computing, colocation, off-site backup and disaster recovery data center.

Anderson represents Kelly Services, a longtime client of Online Tech’s Michigan data centers. Barton is an auditor who will speak about the rigors of compliance in data centers. Thompson signed on Baseline as Online Tech’s first Indiana client and the Plainfield, Ind.-based company also became a business partner, extending our disaster recovery solution capabilities.

All the speakers will be available for networking and will, hopefully, join fellow attendees in Online Tech’s request to “eat, drink and be merry” at the event. (Register for the open house here.)

Now, back to TechPoint:

The organization’s talent initiative is comprised of the Xtern (retention) and Xpat (attraction) programs. This summer, 50 Xterns lived together on the downtown Indianapolis campus of IUPUI and worked at various area tech companies as part of “the ultimate tech summer internship experience.” The first Xpat event, IndyXmas, sold out and brought expats and out-of-towners from 14 states, several of whom have taken jobs and moved back to Indiana as a result.

To help catalyze startup growth with capital investment, customers and educational Entrepreneur Bootcamps, TechPoint resurrected its Tailwind Initiative with the support of the state’s Office of Small Business and Entrepreneurship and in collaboration with Launch Indiana. Last year, angel investors in the HALO Capital Group surpassed $20 million in investment in Indiana startups.

TechPoint’s signature event, the Mira Awards, honors the best of tech in Indiana. Last year’s sell-out attendance of 1,000 was a record. This year set the record for applications, with 170 applications for 14 awards — a 40-percent increase over the previous record — and almost half of those applicants are first-timers. A new media partnership earned Mira participants and winners a half-hour TV special on Inside Indiana with Gerry Dick, and the Mira Awards is now gaining a reputation for being as fun and energized as it is classy and powerful for the industry.

Lastly, to promote the companies and people in Indiana’s tech ecosystem, TechPoint increased its content marketing and media efforts, primarily with a new website and blog, as well as a growing and influential social media presence. This year the team will spotlight 200 stories and amplify them through channels to millions of impressions, helping to raise visibility for Indiana tech companies and people. New digital tools like a job board for tech openings and a “buy local” tech directory are currently in development.

Posted in Data Centers, Information Technology Tips, Online Tech News | Tagged , | Leave a comment

Online Tech part of webinar presentation of 5 tools to protect patient data

Want to learn more about five tools that can help protect patient data? Online Tech Director of Healthcare IT April Sage will be part of a panel presenting “5 Key Tools to Help Your Organization Achieve HIPAA Compliance” via webinar on Tuesday, Oct. 21.

The 90 minute webinar begins at 2 p.m. ET. (Register here.) presented the five tools in a recent post, citing tips from representatives of organizations in each area. Now those industry experts will co-present a webinar and expand their contributions from their respective areas of interest. is hosting the webinar, which will highlight ways organization can use the tools to make the task of HIPAA compliance easier and more effective.

The five tools and the associated presenters are as follows:

  • Email encryption: Andy Nieto, Health IT Strategist at DataMotion
  • Mobile phone BYOD protection: Daryl Glover, Executive VP of Strategic Initiatives at qliqSOFT
  • HIPAA-compliant storage: Asaf Cidon, CEO and co-founder of Sookasa
  • HIPAA-compliant hosting: April Sage, Director of Healthcare IT at Online Tech
  • Compliance tracking solution: Bob Grant, ex-HIPAA auditor and CCO of Compliancy Group LLC

HIPAA Compliant Hosting White Paper
5 tools to protect patient data
Up your HIPAA IQ with a little HIPAA FAQ

Posted in Data Centers, Encryption, HIPAA Compliance | Leave a comment

Backing up sensitive data for recovery? Meet Mr. FIPS

In regulated industries, sensitive data must both be protected and retained, a challenging juxtaposition in a landscape of increasing cybersecurity threats. In the healthcare field, for example, losing data is one matter. Not having “exact retrievable copies,” as required by law, is another. And protecting those backed up files is equally important.

Healthcare and financial data must be retained for several years, but in many cases companies that handle sensitive data may retain it much longer. This means exponentially more sensitive data being sent offsite for remote backup and archival. Earlier this year, company officials at blamed a breach of its customer database on unauthorized access of its offsite backup data maintained by a third-party hosting provider.

Adding one or more remote locations and/or third parties to your offsite backup and recovery strategy complicates your risk profile, but there are a few things to look for that can help you sleep better at night, even if your sensitive data is stored offsite. If you have to meet compliance and security demands, here are three things to incorporate into your proposals and requirements:

1. Visit the physical location of your backup data

Even if you are going with a cloud-based or a third party tape or media-based offsite backup solution, it helps to know you can fly, drive, walk and point to your backup data. Not only does this improve your ability to accurately assess the risk to that data while in storage, it also increases the odds that you can get it back in a timely manner if you need it for disaster recovery efforts. Spend the few hundred dollars to go visit the facility, it will be cheaper than sleeping pills in the long run and well worth the peace of mind. There’s nothing that tells you more about the safety of your backup data location than experiencing it yourself.

2. Encrypt with Mr. FIPS

Those of you in regulated industries may already know Mr. FIPS, as in FIPS 140-2. If not, please introduce yourself. FIPS 140-2 is a cryptography standard specified by the Federal Information Processing Standard, and referenced by NIST (National Institute of Standards and Technology), the government, healthcare and other industries. Why do we care? If you choose an offsite backup solution that embeds one of the validated FIPS 140-2 cryptographic modules, you have a good level of assurance that the sensitive data you’re storing offsite is protected by strong encryption that had been tested and verified by an independent, third party organization. Unless you have time to try breaking the encryption algorithm yourself, go with an approach that someone else has had the time to test.

For healthcare covered entities and business associates, encrypting your offsite backup with a FIPS 140-2 validated cryptography module means that you can prove due diligence to protect patient data in the event it is lost or stolen. In fact, if the patient information has been encrypted in this manner, it’s not considered a data breach. When you compare any investment into using solutions that meet this encryption standard with the costs of data breach remediation including legal, loss of customer confidence, and remediation, it’s an easy investment to make.

In our own case, it was the deciding factor when Online Tech chose the encrypted version of EMC’s Avamar technology since we serve many healthcare, financial, and eCommerce clients that need to protect sensitive information. This gives us peace of mind knowing we’re protecting our clients data while in-transit and at-rest in our offsite backup.

3. Ask for the audit report

Adding a third party or remote location increases the complexity, but doesn’t need to make you less compliant or secure. Find a partner with the same approach to compliance and security as your organization. If you are handling sensitive, regulated information, this means that they too, should be getting independent, annual audits. Ask for the audit reports, and read them. They should make sense and leave you feeling reassured. If otherwise, keep looking.


7 business drivers for your backup and recovery strategy

3 questions your CIO needs to answer to set your offsite backup strategy

White paper: Disaster Recovery

Posted in Data Centers, Disaster Recovery, HIPAA Compliance, PCI Compliance | Leave a comment

7 questions to keep your offsite backup and recovery out of the outhouse

For many in the Midwest, fall is hunting season, and it wouldn’t be official without an outhouse reference. “Bear” with me; many companies are choosing the outhouse option needlessly as a regular course of their offsite backup and recovery planning.

As everyone plans and budgets for next year, many organizations are re-evaluating if their resources are best spent on managing offsite backup and recovery in-house, or if using a third party can effectively allow them to concentrate resources closer to their core competency and customers.

For some businesses, the cost of buying, building, or leasing  a secondary physical location is an automatic “no”. Others are already maintaining second sites, but may want to focus IT resources on more profitable areas of the business. In these cases, finding an outsourced provider to absorb the operational costs and burden of the complexities can make sense, despite the fact that finding a responsive partner for your offsite backup and recovery can be an elusive search.

As a litmus test for potential backup and recovery partners, ask yourself:

“Will I sleep better knowing my data is protected with [vendor X]?”

If the answer is yes, then you have probably found a good offsite backup and recovery partner. Congratulations, you’re sleeping better than most of your IT peers.

If the answer is no, don’t wait to continue the search until a disaster strikes unless your business can afford a major scramble.

If your business is like many businesses, this might be where you either:

  • flush the whole conversation until next year’s budget, or
  • leave it in a remote, dark place and hope it doesn’t raise a stink later.

In other words, because of budget or other resource constraints, the outhouse is the preferred choice.

Before you resort to hunting camp behavior, let me encourage you to continue the search. The trail might be faint, but the reward is worth your persistence.

Here are some additional questions to get your hunt for an offsite backup and recovery solutions back on track. If you can’t afford to put together and maintain a robust offsite backup and recovery solution in-house, try asking these questions to potential third party backup and recovery providers for the most painless solution that will help you rest at ease:

  1. Do they use their own offsite backup and recovery solution?
  2. When was the last time they tested recovery of their own critical systems?
  3. What is the failure rate of daily backups?
  4. Do they offer file-level restoration, or only a full-server snapshot?
  5. Do they leverage deduplication to optimize backup windows?
  6. If your data is regulated by HIPAA, PCI, SOC 2 or similar, do they maintain their own independent, annual audits?

Bonus points: Will they share a copy of the audit report with you as a client to reduce the burden of your audit process?

Undoubtedly, trying to find the perfect partner for your offsite backup and recovery can feel like chasing that mythical 12-point swamp buck. Don’t let that stop you from exploring all the options.


White paper: Disaster Recovery

Online Tech’s Offsite Backup and Recovery

Webinar: Technical Disaster Recovery Implementation

Posted in Cloud Computing, Disaster Recovery, HIPAA Compliance | Tagged , , , | Leave a comment

5 tools to protect patient data

As HIPAA regulations increase and cybersecurity threats advance, the healthcare industry’s effort to protect patient data gets more complex. Online Tech recently contributed to a story posted on that covers five tools to help protect patient information and ease the compliance burden:

  • Email encryption
  • Mobile phone BYOD protection
  • HIPAA-compliant storage
  • HIPAA-compliant hosting
  • Compliance tracking solution

BlogHIPAA spoke with representatives from industry-leading organizations in each of these areas, each of them focused on compliance. They each provided insight into why these areas are vital components of a HIPAA compliance strategy.


Bob Janacek, the CTO at DataMotion, explained that “unencrypted email messages and files hop from point to point through routes over the Internet until they reach their destination. At any of those points, data is open for scrutiny and can be copied or breached by unauthorized users. When encryption is used, data traverses the points between the sender and the recipient in a secure manner, shielded from prying eyes.”

He offered these best practices to help reduce the chance of protected data from being exposed through email or file transfers. Each is described in full on the BlogHIPAA post:

  1. Keep your email encryption system simple.
  2. Use policy-based gateway filtering.
  3. Look for exceptional handling of file attachments.
  4. Make use of extensive logging and reporting
  5. Require seamless mobile integration


People lose their phones and tablets. If employees’ personal devices contain PHI, a HIPAA breach is virtually guaranteed. From the massive Advocate data breach to the Affinity Health Plan photocopier breach, healthcare executives finally had to face the music and tighten information security controls in a post HIPAA/HITECH Omnibus world.

The folks at Qliqsoft, which provides a HIPAA-compliant messaging platform, say to “provide secure communications in an increasingly unsecure world, one must constantly engage in an open dialogue with industry experts and customers to determine how best to address efficient communication between providers, patients and caregivers at a time where BYOD and text messaging is the norm. One way to ensure security is to cut out unnecessary cloud-based messaging hosts. Utilizing “cloud pass-thru” technology is one powerful way to minimizing the number of potential security risks.”


More than 25 percent of healthcare organizations use some type of external storage for PHI. Dropbox is the most popular cloud storage and synchronization solution, but it does not offer safeguards for HIPAA compliance. Sookasa uses transparent on-device encryption to enable HIPAA and FERPA compliance for Dropbox.

Sookasa CEO and co-founder Asaf Cidon says whichever storage solution you use, there are some tips to follow, starting with a signed business associate agreement. But, wait, there’s more!

“It’s a common misconception that signing a BAA is sufficient to maintain HIPAA compliance. A signed BAA is an important requirement but is not sufficient to guarantee that your data will be safe in the cloud-connected mobile world,” Cidon says. He notes some cloud storage services offer a BAA, but do not offer data protection for PHI when accessed on a device.

Cidon’s key requirements for preventing HIPAA breaches for cloud storage are:

  • Encryption: Encryption of files both on the cloud and on mobile devices and desktops.
  • Access control: Central control of who on your team can access files, even if a device is taken offline.
  • Audit trails: Full audit trails for every file access on the cloud and on mobile.


Hey, this is where we come in!

Online Tech’s Director of Healthcare IT April Sage provided insight into what to look for in a HIPAA-compliant hosting partner. Keeping patient data secure within a data center can reduce risks of having data on portable devices. If an organization focuses on delivering healthcare applications but doesn’t want the burden of maintaining server infrastructure, Sage suggests looking for a hosting provider that embraces and delivers on their responsibility to protect patient data.

Sage said along with making sure a hosting provider can meet an organization’s technical specifications, key things to look for beyond the technology include:

  • Will they sign a Business Associate Agreement (BAA)?
  • Have they been independently audited against the U.S. Department of Health & Human Services’ Office for Civil Rights HIPAA audit protocol?
  • Will they share documentation of the audit with the auditor’s opinion of compliance?
  • Do their people, processes, and technology align to demonstrate a culture of compliance? Don’t underestimate the importance of an on-site visit to see for yourself where your patient data will reside.


End-to-end compliance software allows organizations to achieve compliance, protecting PHI and reducing liability by illustrating to auditors a good faith effort in regard to being compliant.

Bob Grant, a former HIPAA auditor who is now the Chief Compliance Officer at the Compliancy Group said the need for an end-to-end compliance solution is ever increasing.

“Protection of your PHI and reducing your liability is key for your business,” he said. “Using HIPAA compliance tracking software can help you illustrate to auditors that you have done everything necessary to comply with the regulations.”

Grant said the main focuses of HIPAA compliance software should include:

  • Business Associate Management
  • Gap Analysis
  • Remediation Management
  • Incident Management
  • Policy & Procedure creation (Templates)
  • Policy & Procedure Management (Version Control)
  • Attestation Management (Staff attesting to policies, procedures and training)

“Compliance is no longer a three ringed binder up behind someone’s desk; it needs to be a living, breathing solution that everyone in the organization can access,” Grant said.


Up your HIPAA IQ with a little HIPAA FAQ

Posted in Cloud Computing, HIPAA Compliance, Michigan Data Centers | Tagged , , | Leave a comment

Client profile: Baseline Data Services serious about disaster recovery

NOTE: This is the latest in a series of Online Tech client profiles. Read more here.

Indiana-based Baseline Data Services, LLC, was looking for data center space to continue growing its disaster recovery services business. Coincidentally, Online Tech was in the process of investing $10 million to open a secure, compliant, enterprise-class hosting facility in nearby Indianapolis.

The rest, as they say, is history.

Lance Thompson

The two organizations were so impressed with each other that not only did Baseline become the first customer at Online Tech’s new Indianapolis data center, they also formed a partnership to extend each other’s services to their respective clients. A fiber running between Baseline’s facility and Online Tech’s Indiana data center — which opened for business on October 1 — provides convenient and secure communication for shared customers.

“When I met the executives and engineers at Online Tech, I felt like they were an extension of the way we run our business,” said Baseline founder and president Lance Thompson.

Baseline’s focus is strictly on providing disaster recovery solutions, online data protection and virtual private servers to hundreds of companies across 44 states. It has a perfect track record of 100-percent recovery success after more than 100 confirmed disasters.

After more than 25 years in the industry, Thompson has seen expectations for disaster recovery change significantly. His company is focused on meeting the most demanding ones.

“In the past, people were very happy if they could be recovered in less than 24 hours,” he said. “Now, sometimes people need to literally fail over. If they go down in production, they need it back up in a matter of minutes. We’re capable of doing that.”

Baseline’s disaster recovery solutions include core processors, critical servers, image processing systems and individual applications. Not just core software systems are backed up – Baseline adds to backup configuration any third-party applications considered important to a client’s operation, including email exchange servers and domain controllers.

In the event of a disaster, Thompson said Baseline’s engineers “become an extension of the customers’ IT departments” and will recreate their server environment for them so IT can focus on restoring production.

The genealogy of Baseline starts when Thompson left IBM in 1983 to form his own business reselling used IBM computers. The focus of that company gravitated to specializing in the banking vertical and grew to include providing hardware sales, disaster recovery and check processing resources to banks around the country.

In 2006, Thompson sold the hardware sales and check processing divisions of the business and reincorporated the disaster recovery division at Baseline Data Services, LLC. The company expanded its facilities and added the various operating systems it works with today to provide services to middle-market and enterprise-level businesses, in addition to its banking base. Today, roughly 80-percent of Baseline’s new customers are from outside the banking industry.

Baseline operates its own world class, enterprise-level facility with a fully-equipped crisis center that clients can use as an alternative workspace during a disaster. But with that space nearing capacity, it was time to either expand or seek colocation with a data center that takes security and compliance as seriously as Baseline does.

There was only one such option in the state of Indiana – and it was still being renovated. So Thompson took tours of two of Online Tech’s Michigan data centers and later signed on to become the company’s first Indianapolis customer.

“I was running out of space and it was curtailing growth. Online Tech’s data centers made a lot of sense,” Thompson said. “I wanted to stick with what we’re good at and let Online Tech do what it’s good at. As an investment for me, it makes more sense to continue down our path than get into the data center business.”


Disaster Recovery white paper

Visit the grand opening of our Indianapolis data center on Oct. 23

Press release: Online Tech’s Indianapolis Data Center Opens for Business After $10 Million Investment

Posted in Data Centers, Disaster Recovery | Tagged , , , | Leave a comment