DataYard’s 2023 Predictions – Cloud Forward

Cloud Computing

DataYard has been helping technology professionals deploy cloud computing solutions for over a decade and as the needs of the market evolve so do our solutions. This report outlines our predictions for next year. We leveraged strategic and budgeted plans from our clients, partners and regulations to establish this punch list of likely focus points we are going to be addressing next year! 

Top 9 Top Cloud Computing Trends in 2023

The cloud has been a game-changer for the tech industry, and it shows no signs of slowing down. With such rapid growth, it can be tough to keep up with the latest trends. But knowing what’s on the horizon is critical for businesses that want to stay ahead of the competition. Here are top cloud computing trends that will impact IT professionals in 2023;

  • Artificial intelligence (AI)
  • The Rise of Serverless Cloud
  • Hybrid cloud
  • IoT Platforms
  • Automation
  • Secure Access Service Edge (SASE)
  • Cloud Disaster Recovery (CDR)
  • Edge computing
  • Virtual cloud desktops 
  • Artificial Intelligence (AI)

Cloud data centers provide everyone with the computing power and bandwidth that machine learning platforms need for training and processing data. The majority of the “every day” AI we encounter every day—from Google Search to Instagram filters—lives in the cloud, where machine learning is used to manage storage infrastructure and route traffic from data centers to our devices. In 2023 and beyond, this interdependence between cloud computing and artificial intelligence (AI) will only deepen. Language modeling, which improves the precision with which machines can grasp human languages, and “creative” algorithms, generative machine learning that can produce anything from art to synthetic data to train additional AIs, will be major themes in AI. Cloud computing will undoubtedly be crucial in both providing these services to customers and creating the necessary infrastructure. 

  • The Rise of serverless Cloud

Serverless cloud is a new concept that is gaining market traction from providers such as Amazon (AWS Lambda), Microsoft (Azure Functions), and IBM Cloud Functions. It’s also known as “functions-as-a-service,” and it means that businesses aren’t constrained to leasing servers or paying for fixed quantities of storage or bandwidth. It provides a true pay-as-you-go service in which the infrastructure increases discreetly as an application’s needs change. Of course, it isn’t truly serverless – the servers remain – but it offers another degree of abstraction between the user and the platform, removing the need for the user to become involved in configurations and technicalities. Serverless computing in the cloud will play a significant role in the broader trend of generating new user experiences that make innovation more accessible throughout the cloud and the entire digital landscape.

  • Hybrid cloud

Many businesses choose a hybrid cloud approach, which combines public cloud services with the establishment of a private cloud dedicated to a single organization. This is particularly true for firms that gather sensitive data or operate in highly regulated industries such as insurance, where data privacy is critical. A hybrid solution is appealing because it provides the required level of control while allowing organizations to innovate and scale as they roll out new services for their customers. The global hybrid cloud market is anticipated to be valued at $145 billion in 2026, up from $51 billion in 2020. 

There are a variety of cloud computing courses. Master any of the cloud computing courses and make yourself an expert in cloud applications and architecture and steadfast your career. 

  • IoT Platforms

One of the most well-known cloud computing developments in today’s hyper-connected society is the rise of IoT platforms. According to one analysis, the number of connected things utilized would increase to 25 billion by 2021, up from 14.2 billion in 2019. An IoT platform is a cloud-enabling platform that works with common devices to enable cloud-based applications and administrations. IoT acts as a middleman, gathering data from multiple devices through remote device setup and smart device management.

  • Automation

Automation is a crucial driver of cloud adoption, particularly when it comes to boosting company operations efficiency. Companies that consolidate their data and systems on the cloud can automate many of their internal procedures, such as data consolidation from multiple locations or the generation of business intelligence dashboards. Many organizations are striving to tighten connections between different pieces of software in order to better manage their expanding cloud footprints and ensure that solutions from diverse suppliers perform seamlessly together.

Automation Testing courses in Dubai are perfect for you if you are looking to work in an agile IT environment. Automation testing professionals hold the opportunity to escalate their careers in diverse job titles.

  • Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE) is a cybersecurity concept that establishes a secure link between applications/services and organizational entities such as people, systems, and devices. SASE is a framework for integrating network security services (like SWG and FWaaS). It also offers extensive WAN capabilities to support digital businesses all across the world. As a result, industry analysts believe SASE can help businesses defend against cyber threats. Several SASE providers now provide secure web gateways (SWG). This can also assist your organization in blocking undesirable traffic while complying with company security standards.

Businesses are reconsidering their approach to security and risk management as employees use more services and data from their own devices that are not connected to their organizations’ IT networks. Gartner’s Secure Access Service Edge (SASE) is a cloud-based approach to IT security that addresses the changing nature of work. Companies that use a SASE architecture benefit from cloud-based network security services such as secure gateways, firewalls, zero-trust network access, and more. This is a strong approach to IT security that enables enterprises to deploy new cloud services fast while remaining confident that their systems are secure. 

  • Cloud Disaster Recovery (CDR)

Cloud disaster recovery is a cloud-based solution that integrates a number of backup methodologies and services to protect resources such as data, programs, and configuration. Following a crisis, these cloud backups enable firms to restore any impacted data and restart normal operations. Emerging cloud trends can assist businesses in developing a dedicated, custom-made cloud disaster recovery solution. 

  • Edge computing

It is a technique for improving the distributed computing network framework by doing information preparation at the organization’s edge, near the source of the information. It continually relies on cloud employees to deal with less time-sensitive material or to keep information for as long as feasible. Rather than a centralized cloud, this type of cloud computing brings data processing — collection, storage, and analysis — closer to the sources of the data. This minimizes latency while also enabling the use of edge devices. Edge computing powers smart gadgets like smartphones, smartwatches, and smart cars, as well as the interconnectedness of all the data created by these technologies. 

  • Virtual cloud desktops

A virtual cloud desktop, also known as desktop-as-a-service, is a cloud-based service that sends the whole desktop operating system and software applications directly to a laptop, desktop, or another device. Companies are simply charged for the time their employees spend signing in to their devices, and they are not required to pay for hardware upgrades. Virtual cloud desktops may also be immediately scaled, ensuring that businesses always have the licenses and devices they require to service their expanding workforce. According to Allied Market Research, the global market for virtual cloud desktops is expected to reach $10.2 billion by 2023, rising at a compound annual growth rate of 16.5 per cent since 2017.

To sum it up

In 2023, cloud adoption will continue to revolutionize the corporate landscape, assisting businesses in addressing some of their most pressing concerns. We continue to see a rapid digital transition, and it is fascinating to watch how technology evolves and new trends arise. It will be interesting to see how these cloud tendencies develop further. It is important to get on board with adoption. These trends will have a good long-term impact on your company and your clients. 

7 Technology Trends Emerging In 2022

A PC and Mac next to each other on a desk
  1. Digital-First, Remote-First Dominates the Technology Landscape

Let’s start with the most obvious technology trends as we look to 2022 – digital-first. It is mainstream and shaping business today. For example, workforces are more remote than ever. As a result, they demand more substantial connectivity, plus greater reliability from that connectivity. And they require it 24/7.

Your customers have come to expect a similar service level. For many, digital has become the preferred means of communicating and interacting with your business. Your reward for keeping pace with that demand is greater customer loyalty, not to more improved competitive differentiation.

Not surprisingly, according to a study by IDC, 70% of all organizations have accelerated their use of technology. As a result, new technologies and space redesigns will emerge to support hybrid collaboration.

  1. 5G Helps Deliver that Digital-First Focus

Improving networking and interconnectivity requires better and faster connections—for example, 5G averages more than 100Mbps, with peaks of 20Gbps. Plus, 5G supports up to a million connected devices per square kilometer versus 100,000 for 4G networks.

In addition, as the Internet of Things (IoT) becomes even more integral in business and our personal lives, the reliability of those internet connections becomes paramount. On a side note, the IoT certainly deserves mention as a continually emerging trend.

Equally important, the sheer number of people connecting to the internet has grown exponentially. For instance, 3.4 billion users used the internet in 2017. As we enter 2022, internet usage will expand to another 1.4 billion users. Moreover, those users will consume 4.8 zettabytes of data annually, whereas users consumed 437 exabytes of data in 2012. So, 2022 levels reflect a multiple of 11 compared to 2012 levels.

As a result, 5G will take center stage next year in the U.S. owing to its more substantial reliability and expanded bandwidth. All the major internet providers – AT&T, Verizon, and T-Mobile – will expand their 5G coverage. In 2021 alone, 5G connections globally tripled to 670 million.

That greater bandwidth delivers more responsive experiences. It also allows technology companies to make their devices more immersive. In addition, use cases for the IoT become more expansive, and with that comes greater adoption of edge computing. In short, 5G technology enables business much more than its predecessor, 4G.

By the way, 6G capabilities will begin to take shape in 2022. Starting in 2020, a Next G Alliance represented by Apple, AT&T, and Google, among others, has directed its focus on pushing toward 6G capabilities.

  1. More significant Expansion of Cloud Services

Gartner predicts cloud services spending will increase to more than $482 billion in 2022, up from $314 billion in 2020. Deloitte projects the industry cloud market at $640 billion within the next five years.

Source: Gartner

Although enterprises have reportedly migrated more than 83% of workloads to the cloud, there remains a chasm for what they host privately. Owing to compliance, regulatory, security, and privacy concerns, enterprises still maintain a sizable technology footprint in their data centers. That opens the door to a greater reliance on hybrid clouds and multi-cloud infrastructures to bridge the gap between data hosted on public clouds and on-prem.

Cloud-native applications will expand, as well. To optimize digital experiences, providers will take advantage of the cloud’s native capabilities, namely self-service provisioning, elasticity, and the power of cloud-managed services.

Cloud-native offloads the hosting burden and cost while optimizing business and technical process automation. Moreover, it allows the 24×7 response demanded by digital.

Finally, key cloud service providers like Amazon (AWS), Microsoft (Azure), and IBM present the serverless cloud as a solution. Often referred to as “functions-as-a-service,” organizations no longer tie themselves into leasing servers or paying for fixed storage amounts or bandwidth.

You don’t have to contend with configurations or technical concerns as a user. Instead, the serverless cloud delivers a bona fide pay-as-you-go service that scales as required.

  1. Artificial Intelligence Impacts Cybersecurity

Cybercrimes continue to escalate. By 2021, costs reached $6 trillion and will climb to $10.5 trillion by 2025. In addition, a single data breach in 2021 cost an average of $4.24 million. Meanwhile, ransomware claims have grown 150% since 2018, according to AIG.

It’s little wonder, cyber artificial intelligence (AI), though in the early stages of adoption, presents a trending IT solution for 2022. As a result, the market will grow by $19 billion between 2021 and 2025.

As the cyber-threat landscape evolves, organizations need real-time monitoring and remediation solutions. And AI plays a substantial role in providing those capabilities. For example, it delivers real-time network traffic analysis that enables faster response and remediation of threats. In addition, it can more readily identify risks and cybercriminal behaviors to prevent future attacks.

In 2022, you can expect organizations to deploy threat management, threat intelligence, endpoint detection and response, continuous vulnerability scanning, and Security Operations Centers with greater frequency. If they’re incapable of managing these services internally, outsourcing IT support to managed IT service providers or cybersecurity companies will provide an option owing to cost reductions and greater efficiencies.

By the way, hackers have become increasingly familiar with the benefits of AI. So, expect them to enlist AI to launch attacks.

  1. Cybersecurity Technology Trends Shaping 2022

No technology discussion can be complete without addressing cybersecurity. It shaped 2021 and will continue to do so in 2022. We just mentioned how AI would impact the security space but, here are some other trends that will shape the cybersecurity industry next year:

  • Focus on Application Security: The first half of 2021 saw a 348% increase in API attacks, according to a report by Salt Labs. In addition, Gartner predicts that API abuses will become an enterprise’s most frequent attack vector. As a result, more organizations will take a strategic approach to API security, accounting for unique business logic in application source code. In addition, anomaly detection via AI will support improved API security and defense against known and unknown threats.
  • Improving Edge Security: As IoT devices proliferate, your attack surface expands. As a result, edge security becomes critical. Improved security starts with a focus on devices themselves. But, it extends to security protocols to improve protection, including deployment of next-gen endpoint protection.
  • Deployment of Zero-Trust: Today, security extends beyond an organization’s perimeter. Hybrid and remote workforces, the increased use of mobile devices, bring your own device (BYOD), and cloud services require a different approach to security. Consequently, zero-trust architectures will become a critical trend in identifying verified users. Moreover, micro-segmented areas associated with zero-trust provide more granular verification control.
  1. Locking Down Supply Chains: Supply chain attacks increased considerably in 2021. For example, 82% of organizations suffered a data breach due to a supply chain security weakness (BlueVoyant). So, not surprisingly, we’ll see enhancements to supply chain security throughout 2022. As a result, many organizations will request a complete list of software components leveraged within a software solution from supply chain vendors. Indeed, 60% of organizations will use cybersecurity risk to conduct third-party transactions by 2025 (Gartner).

  1. Edge Computing Emerges as a Key Technology Trend for 2022

As IoT devices increase, edge computing increases. By 2022, the global edge computing market will reach $6.72 billion.

Edge computing relieves the latency issues attached to cloud computing. By moving processing to where it needs to happen, organizations can deliver time-sensitive data to remote locations. In addition, it can do so with limited or even no connectivity to a centralized location. As such, edge computing acts as a mini data center.

Of course, the expansion of edge computing requires a more significant focus on security as many devices inherently lack security.

On the horizon…

  1. Blockchain Enjoys More Industry-Wide Adoption

Blockchain, cryptocurrencies, and nonfungible tokens (NFTs) have been the darling of the media and the public. But these technologies are moving to the enterprise starting in 2022.

For example, Deloitte’s 2021 Global Blockchain Survey presented that 80% of the survey participants indicated their industries “will see new revenue streams from blockchain, digital assets, and/or cryptocurrency solutions.” As a result, spending will increase from $5.3 billion in 2021 to $34 billion in 2026.

Banking tops all industries from an adoption standpoint, followed by telecommunications, media, entertainment, manufacturing, healthcare and life sciences, retail and consumer goods, and government.

At its core, blockchain enables companies to track transactions and conduct business with unverified parties without the need for a trusted third party to validate the transaction.

Making a chain of data that you can only add to and not change increases security substantially. In addition, blockchain is consensus-driven, meaning that no single entity can assume control of the data. Moreover, it reduces business conflicts while improving transparency, immutability, decentralization, and an append-only structure.

Cloud Adopters & the Pending FTC Security Requirements – Are You Ready?

If you’ve adopted cloud computing strategies within your organization, you’ve already taken strides to keep up with the times in the ever-changing world of technology. As a result, your decisions have enabled scalability, reliability, and (hopefully) top performance — but did you know that most cloud infrastructures lack the security features required in the upcoming FTC Privacy Compliance Regulations? Not to mention the numerous processes and procedures your team MUST follow to obtain compliance and avoid major fines! 

At DataYard, we consider data security to be part of the foundation of our solutions – it’s a theme in every design, implementation, and managed cloud engagement we have. The reality is infrastructure and software alone are NOT enough under the current regulations. Companies must implement incident recovery, training, documented policies, and assign a dedicated owner / single point of contact of the organization’s privacy compliance efforts and strategy.

So the question is: Do you really have your yard in order when it comes to data security?

Third-party data service providers, especially those providing cloud computing services, are faced with unique and difficult privacy and data security challenges. While many companies that directly collect data from consumers are bound by the promises they make to individuals in their own privacy policies, cloud service providers are usually not a part of this arrangement. It is not entirely clear what, if any, obligations cloud service providers have with regards to protecting the data of individuals with whom they have no contractual relationship. This problem is especially acute because many institutions sharing personal data with cloud service providers fail to include significant privacy and security protections in the contracts that govern the exchanges. As such, individuals can be placed at the mercy of contracts that they did not negotiate and that offer insufficient protection of their data.

Since the 1990s, the FTC has been regulating companies in privacy and security matters under Section 5 of the FTC Act. This statute prohibits ‘‘unfair or deceptive acts or practices in or affecting commerce.’’ 6 The FTC has brought an extensive number of cases for problematic privacy and data security practices. We discuss in more detail how the FTC has gone about crafting a law of privacy from the ground up in our forthcoming article, ‘‘The FTC and the New Common Law of Privacy.’’ 7 Privacy and data protection attorneys at the large law firms, in-house counsel, and attorneys everywhere else follow the FTC closely. They look to the FTC for guidance about standards to follow. Thus far, the FTC has been more of a standard codifier than a standard maker. Instead of blazing a trail by creating new norms and standards, the FTC has waited until norms and standards have developed and then begun enforcement. Once the FTC has been enforced based on a particular standard, that standard achieves a new level of legitimacy and formality. For all intents and purposes, the standard becomes law. Because the law of privacy and data security is so fragmented, so magma-like in its nature, the FTC has had an unusually influential role in shaping the law of privacy and data security by embracing certain standards and norms that have achieved a decent level of consensus. For a long time, these standards have focused on what companies must do to protect the privacy and data security of personal data that they maintain. This year, however, there is an existing FTC case focusing on the standards for how a company, GMR Transcription Services, Inc., shares personal data with external data service providers.

In this case, the FTC found GMR to be deficient in doing due diligence before hiring its data service provider.12 Looking broadly at the complaint, there are three key things that the FTC is now requiring companies to do when it comes to contracting with data service providers: (1) exercise due diligence before hiring data service providers; (2) have appropriate protections of data in their contracts with data service providers; and (3) take steps to verify that the data service providers are adequately protecting data. This GMR case has several important implications. It indicates that organizations that hire data service providers may be directly at fault in many instances. The case also solidifies the principle that companies have duties of data service provider management — in choosing, contracting with, and overseeing vendors. This means that if a vendor has a problem, the organization that hired the vendor will also be under scrutiny.

Organizations that use data service providers for data processing might not just be victims if the data service providers make a blunder. They might be to blame if they failed to follow appropriate data service provider management practices. FTC enforcement based on inadequate data service provider management signals that standards in this area are starting to mature. The GMR case does not define the precise contours of what constitutes adequate data service provider management, but the details will be fleshed out over time. This FTC case has signaled that more attention should be devoted to the issue, and we can now expect more companies to take a closer look at their own data service provider management practices. The word is out that poor data service provider management might conflict with the FTC Act. Even without a data breach, poor data service provider management alone might still be a cause for FTC enforcement. Although the FTC generally cannot enforce against public-sector entities, the GMR case still has important implications. The case now establishes more clearly that there is a standard of care when it comes to contracting. The principles in this case apply to nearly all businesses, and FTC decisions reflect the consensus norms about privacy. If nearly all companies are legally obligated to do what the FTC demands in this decision, then this puts a lot more pressure on schools and other public-sector organizations to do so.

Protections of Third-Party Beneficiaries 

The FTC is also not limited in protecting consumers only when they have a direct relationship with an entity that maintains their personal data. In its early cases, the FTC focused primarily on enforcing company privacy policies. Since then, the FTC has broadened its enforcement far beyond privacy policies. Deception is a broad concept, and it is not limited to the explicit promises a company might make. Unfairness is even broader. An ‘‘unfair’’ trade practice is one that ‘‘causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.’’13 An exceptionally wide range of activities has been included in the FTC’s unfairness and regulatory efforts.14 Many of the alleged unfair actions seek to take advantage of vulnerable consumers, making exploitation the focus of many unfairness allegations.15 Thus, the FTC has very broad and general regulatory authority by design to allow for a more nimble and evolutionary approach to the regulation of consumer protection. Because FTC enforcement is not tethered to any specific privacy policy and is primarily focused on protecting consumers, it becomes quite apparent that the FTC has the authority to regulate entities maintaining personal data even if those entities do not make any promises directly to the people to whom the data pertain.

The FTC’s power to protect third-party beneficiaries of institutional bargaining extends to companies that provide cloud services to public-sector entities. Although the FTC can generally only regulate commercial entities under Section 5,22 when public-sector institutions such as schools use private-sector cloud service providers, the FTC can regulate the cloud service provider. Although the cloud service provider might not have a direct relationship with the individuals whose data they maintain, these individuals are third-party beneficiaries of the privacy promises made by those who provide data to cloud service providers. As such, if a school enters a contract with a cloud service provider where student data is shared with the provider, that provider must live up to consumer expectations. Moreover, if the provider negotiates a deficient contract with a school, the deficiencies in this arrangement might themselves be contrary to student expectations. 

Cloud Service Providers as Data Stewards 

The FTC has started to embrace a larger philosophy that third-party data service providers should act as data stewards. In other words, companies that collect, use, and share personal data have certain responsibilities owed to the data subjects. These responsibilities could include ensuring harm from the use and distribution of data is minimized using technical safeguards, administrative procedures, and contractual terms. Data stewardship is already a concept embraced in certain specific areas, such as health care. The FTC’s approach draws upon the tradition of ‘‘third-party beneficiaries’’ in contract law, whereby intended third party recipients of benefits of a contractual term are entitled to enforce that term even though they are not technically a party to the agreement.23 Good stewardship even has a fiduciary-like quality whereby relationships with stark disparities in power are sometimes treated differently than those who negotiate at arm’s length. In this way, the FTC approach is similar to that of courts when finding implied obligations of confidentiality.24 Consumers have very little ability to ensure that cloud service providers protect the personal data that were entrusted to them, which makes these consumers vulnerable and largely unable to reasonably avoid risk. The FTC has laid the foundation for establishing standards of data stewardship on each side of the cloud service relationship. The next steps have yet to be taken, but the path is there, waiting to be traversed.

the FTC staff has also issued extensive guidance on online behavioral advertising, emphasizing four principles to protect consumer privacy interests:

  1. transparency and control, giving meaningful disclosure to consumers, and offering consumers choice about information collection;
  2. maintaining data security and limiting data retention;
  3. express consent before using information in a manner that is materially different from the privacy policy in place when the data was collected; and
  4. express consent before using sensitive data for behavioral advertising.

The FTC has not, however, indicated that opt-in consent for the use of non-sensitive information is necessary in behavioral advertising.

In terms of enforcement, the FTC has frequently brought successful actions under Section 5 against companies that did not adequately disclose their data collection practices, failed to abide by the promises made in their privacy policies, failed to comply with their security commitments, or failed to provide a ‘fair’ level of security for consumer information. Although various forms of relief (such as injunctions and damages) for privacy-related wrongs are available, the FTC has frequently resorted to settling cases by issuing consent decrees. Such decrees generally provide for ongoing monitoring by the FTC, prohibit further violations of the law and subject businesses to substantial financial penalties for consent decree violations. These enforcement actions have been characterized as shaping a common law of privacy that guides companies’ privacy practices

Cybersecurity and Data Breaches – Federal Law

Cybersecurity has been the focus of intense attention in the United States in recent years, and the legal landscape is dynamic and rapidly evolving. Nonetheless, at the time of writing, there is still no general law establishing federal data protection standards, and the FTC’s exercise of its Section 5 authority, as laid out above, remains the closest thing to a general, national-level cybersecurity regulation.

That said, recent years have brought a flurry of federal action related to cybersecurity. In 2015, Congress enacted the Cybersecurity Information Sharing Act (CISA), which seeks to encourage cyber threat information sharing within the private sector and between the private and public sectors by providing certain liability shields related to such sharing. CISA also authorizes network monitoring and certain other defensive measures, notwithstanding any other provision of law. In addition to CISA, Presidents Obama, Trump and Biden have issued a series of executive orders concerning cybersecurity, which have, among other things, directed the Department of Homeland Security and several other agencies to take steps to address cybersecurity and protect critical infrastructure and directed the National Institute of Standards and Technology (NIST) to develop a cybersecurity framework. The latter, in particular, has been a noteworthy development: while the NIST Cybersecurity Framework provides voluntary guidance to help organizations manage cybersecurity risks, there is a general expectation that use of the framework (which is laudable, accessible, and adaptable) is a best practice consideration for companies holding sensitive consumer or proprietary business data. (The federal government’s response to the recent wave of cyberattacks is further detailed in Section II above.)

Specific Regulatory Areas – Federal Law

Along with the FTC’s application of its general authority to privacy-related harms, the United States has an extensive array of specific federal privacy and data security laws for the types of citizen and consumer data that are most sensitive and at risk. These laws grant various federal agencies rulemaking, oversight and enforcement authority, and these agencies often issue policy guidance on both general and specific privacy topics. Congress has passed robust laws that prescribe specific statutory standards for protecting the following types of information:

  1. financial information;
  2. healthcare information;
  3. information about children;
  4. telephone, internet and other electronic communications and records; and
  5. credit and consumer reports.

We briefly examine each of these categories and the agencies with primary enforcement responsibility for them below.

Financial Information

The Gramm-Leach-Bliley Act (GLBA) addresses financial data privacy and security by establishing standards pursuant to which financial institutions must safeguard and store their customers’ ‘nonpublic personal information’ (or ‘personally identifiable financial information’). In brief, the GLBA requires financial institutions to notify consumers of their policies and practices regarding the disclosure of personal information; to prohibit the disclosure of such data to unaffiliated third parties, unless consumers have the right to opt-out or other exceptions apply; and to establish safeguards to protect the security of personal information. The GLBA and its implementing regulations further require certain financial institutions (i.e., banks) to notify regulators and data subjects after breaches implicating nonpublic personal financial information, often referred to as NPI.

Various financial regulators, such as the federal banking regulators (e.g., the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency) and the Securities and Exchange Commission (SEC), have authority to enforce consumer privacy under the GLBA, while the FTC (for non-bank financial institutions) and the Consumer Financial Protection Bureau (CFPB) (for certain banks and non-bank financial institutions) do as well. (Insurance is regulated at the state level, so GLBA financial privacy in this sector is administered by state insurance commissions.)

The SEC has also increasingly used its broad investigative and enforcement powers over public companies that have suffered cybersecurity incidents. In doing so, the SEC has relied on multiple theories, including that material risks were not appropriately disclosed and reported pursuant to the agency’s guidance on how and when to do so and that internal controls for financial reporting relating to information security did not adequately capture and reflect the potential risk posed to the accuracy of financial results. Of particular note, in 2018, the SEC published interpretive guidance to assist publicly traded companies in disclosing their material cybersecurity risks and incidents to investors. 

The SEC has suggested that all public companies adopt cyber disclosure controls and procedures that enable companies to:

  1. identify cybersecurity risks and incidents;
  2. assess and analyze their impact on a company’s business;
  3. evaluate the significance associated with such risks and incidents;
  4. provide for open communications between technical experts and disclosure advisers;
  5. make timely disclosures regarding such risks and incidents; and
  6. adopt internal policies to prevent insider trading while the company is investigating a suspected data breach.

Healthcare Information

For healthcare privacy, entities within the Department of Health and Human Services (HHS) administer and enforce the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH) Congress enacted HIPAA to create national standards for electronic healthcare transactions, and HHS has promulgated regulations to protect the privacy and security of personal health information. In general, HIPAA and its implementing regulations state that patients generally have to opt-in before covered organizations can share the patients’ information with other organizations.

HIPAA’s healthcare coverage is quite broad. It defines PHI as; ‘individually identifiable health information . . . transmitted or maintained in electronic media’ or in ‘any other form or medium’. Individually identifiable health information is in turn defined as a subset of health information, including demographic information, that ‘is created or received by a health care provider, health plan, employer, or health care clearinghouse’; that ‘relates to the past, present, or future physical or mental health or condition of an individual’, ‘the provision of health care to an individual’, or ‘the past, present, or future payment for the provision of health care to an individual’; and that either identifies the individual or provides a reasonable means by which to identify the individual. Notably, HIPAA does not apply to ‘de-identified’ data.

With respect to organizations, HIPAA places obligations on ‘covered entities’, which include health plans, healthcare clearinghouses and healthcare providers that engage in electronic transactions as well as, via HITECH, service providers to covered entities that need access to PHI to perform their services. It also imposes requirements in connection with employee medical insurance.

Moreover, HIPAA also places obligations on ‘business associates,’ which are required to enter into agreements, called business associate agreements, to safeguard PHI. A business associate is defined as an entity that performs or assists a covered entity in the performance of a function or activity that involves the use or disclosure of PHI (including, but not limited to, claims processing or administration activities).Such agreements require business associates to use and disclose PHI only as permitted or required by the agreement or as required by law and to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the business associate agreement. The agreements also include numerous other provisions regarding the confidentiality, integrity, and availability of electronic PHI.

HIPAA and HITECH not only restrict access to and use of PHI, but also impose stringent information security standards. In particular, HHS administers the HIPAA Breach Notification Rule, which imposes significant reporting requirements and provides for civil and criminal penalties for the compromise of PHI maintained by covered entities and their business associates. The HIPAA Security Rule also requires covered entities to maintain appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

Information About Children

The Children’s Online Privacy Protection Act of 1998 (COPPA) applies to operators of commercial websites and online services that are directed to children under the age of 13, as well as general audience websites and online services that have actual knowledge that they are collecting personal information from children under the age of 13. The FTC is generally responsible for enforcing COPPA’s requirements which include, among other things, that these website operators post a privacy policy, provide notice about collection to parents, obtain verifiable parental consent before collecting personal information from children, and other actions.

Telephone, Internet, and Other Electronic Communications and Records

A number of legal regimes address communications and other electronic privacy and security, and only the briefest discussion of this highly technical area of law is possible here. In short, some of the key statutory schemes are as follows:

  1. the Electronic Communications Privacy Act of 1986 (ECPA) protects the privacy and security of the content of certain electronic communications and related records;
  2. the Computer Fraud and Abuse Act (CFAA) prohibits hacking and other forms of harmful and unauthorized access or trespass to computer systems, and can often be invoked against disloyal insiders or cybercriminals who attempt to steal trade secrets or otherwise misappropriate valuable corporate information contained on corporate computer networks;
  3. various sections of the Communications Act protect telecommunications information, including what is known as customer proprietary network information, or CPNI;
  4. the Telephone Consumer Protection Act (TCPA) governs robocalls and texts; and
  5. the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act governs commercial email messages, generally permitting companies to send commercial emails to anyone provided that the recipient has not opted out of receiving such emails from the company, the email identifies the sender and the sender’s contact information, and the email has instructions on how to easily and at no cost opt-out of future commercial emails from the company.

The Federal Communications Commission (FCC) is the primary regulator for communications privacy issues, although it shares jurisdiction with the FTC on certain issues, including notably the TCPA.

Credit and Consumer Reports

The Fair Credit Reporting Act (FCRA), as amended by the Fair and Accurate Credit Transactions Act of 2003, imposes requirements on entities that possess or maintain consumer credit reporting information or information generated from consumer credit reports. Consumer reports are ‘any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility’ for credit, insurance, employment, or other similar purposes.

The CFPB, FTC and federal banking regulators (e.g., the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency) share authority for enforcing FCRA, which mandates accurate and relevant data collection to give consumers the ability to access and correct their credit information and limits the use of consumer reports to permissible purposes such as employment, and extension of credit or insurance.
For more information on how DataYard can help you prepare for the implementation of new FTC regulations, please visit us at

Widespread Phone Outage, 9/27/2021

DataYard engineers are aware of widespread outages with major phone carriers that are preventing many of our customers, as well as DataYard, from being able to receive phone calls. While we work to restore phone connectivity, our support team is still available via email at [email protected] and via our customer support portal at

We appreciate your patience and will post more updates as new information becomes available.

[RESOLVED] Global Internet Outage, 8/30/2020

[8/30/2020 @ 11:35AM] It appears that CenturyLink, one of our upstream providers, has implemented a fix, and traffic around the world — including Internet traffic to/from DataYard — is starting to return to normal. Our team noticed things starting to improve around 10:19AM this morning, but we wanted to make sure that everything had truly stabilized before posting an update here.

[8/30/2020 @ 08:31AM] DataYard engineers are aware of a global Internet outage this morning that is affecting many of our customers. The outage is not with DataYard’s services or data center but, because of the nature of the problem and how the internet works, the outage elsewhere is interrupting much of the internet traffic around the world. Our team is currently doing as much as they are able to manually route traffic to other upstream providers to circumvent the outage and restore connectivity to our data center.

We appreciate your patience and will post more updates as new information becomes available.

Google Chrome Updates – Is Your Site Secure?

The world’s most popular Internet browser, Google Chrome, is releasing an important update in the coming weeks.  Starting with the public and stable release of Chrome update 68, the browser will show a yellow “warning” icon next to the URL of web sites which are not protected by a SSL cert, and when this icon is hovered over a “Not Secure” warning will be displayed.  With over 53% of total browser market share, this update is sure to affect a wide swatch of users and websites.

Read the Google blog post here.

Not sure if your website will be affected by this change?  Visit your site in a browser, and then look at the URL in the address bar.  If your address begins with “HTTP” and not “HTTPS”, your visitors may start to see a warning when this update is released.

To get ahead of the curve on this, give us a call or send us an email – for $175 a year, we can purchase, coordinate, and install a fix for this issue for any DataYard hosting customers.  Just another way we are here to help you make IT better.


Just Keep Swinging : DataYard Celebrates 23 Years

This year at DataYard we celebrate 23 years of hard work, ambition, and success. First things first, we want to thank all of our wonderful, loyal clients who have chosen us for 20 years or just over the last year, your trust in us means everything. Secondly, we want to thank our team that is committed to serving our clients day in and day out. Lastly, we wanted to take a minute to thank and recognize, Dave Mezera. Who knew that what three Air Force buddies cooped up out of passion and tinkering would become the finest IT company in the Gem City.

If you’ve had the chance to experience a DataYard award then you know they are all unique and often recognize the most extraordinary to the most nominal achievements. This year while celebrating our 23 years together at a Dragon’s game we wanted to recognize the giver of the most awards at DataYard, Dave Mezera. Without Dave, DataYard would cease to exist the way that it does today. His love and attention have made DataYard great to its clients and its team.

This year, 2018, marks 23 years of business for DataYard, but it is not the first time that 23 years has been a monumental year. In fact, one hundred years ago exactly in 1918, another fine accomplishment was achieved by none other than the great Babe Ruth. The Boston Red Sox were coming off an incredibly successful season where Ruth had played nearly every game due to his affinity for hitting. He mostly played in the outfield in the shortened season of 1918 but would beg to return to his role pitching.

That year the Boston Red Sox faced off with the Chicago Cubs for the pennant. In Game One, Ruth was on the mound and ended up giving the Red Sox their first victory. Prior to Game Four Ruth injured his hand in a fight but still took the mound and pitched the game. Thanks to some outstanding support from his team he was able to get the Sox a victory and a 3-1 series lead. Here’s the thing, before allowing the Cubs to score in that 4th Game, Ruth had pitched twenty-nine and two-thirds consecutive scoreless innings, a record for the World Series that stood for more than 40 years. The next year in 1919, Babe Ruth would go on to have an unprecedented spell of slugging home runs, which gave him much of his notoriety. But, Ruth would reminisce that he was prouder of that record more than any of his jaw-dropping batting feats.

What does a historically spectacular baseball player have to do with DataYard today? Nothing, we have no company baseball team, we don’t have a World Series of I.T., we don’t even host a website that talks about Babe Ruth, but we can celebrate greatness. The last 23 years have been nothing less than incredible for our DataYard family and for Dave, or El Capitan as we call him. Similar to a baseball team there have been people who have come and gone, changed the game and ultimately made this team great, but one thing is constant Dave has been there and he’s invested time, resources and energy into this thing we call DataYard and the clients, community, and staff are all the beneficiaries.

Babe Ruth’s greatest personal feat was throwing some pitches, but his notoriety and fame were seen in his ability to hit the ball. His pitching success proceeded the incredible batting future he would achieve. We too believe that the best years are to come for DataYard. Some of our fondest memories and great accomplishments may be in the past but our greatest feats are still to come. So, we want to say thank you, Dave, and just keep swinging!

New and improved Connect Mail

We’d like to thank you DONet & DataYard mail users alike. We’ve spent the last several months bringing you a whole new revamped Connect Mail experience. These upgrades will not require any of our customers to make any changes to their mail clients.

One of the biggest changes you will notice right away is that we’ve changed our webmail platform. We’ve integrated many of our previously separated services into one single pane of glass. Within the new webmail, you will now be able to set forwarders, auto responders, and even create filters to filter your mail. We feel this new experience will be much more user intuitive and stream lined.

When you login to the new webmail, you should see all of your mail, folders and settings. This includes all of your signatures, identities, contacts and contact groups.

Screen Shot 2018-03-10 at 8.45.06 AM

The new settings will have some similar features you should be accustomed to using, but you will also notice some new links. On the left hand side you will notice a mobile sync tab which can be used to now synchronize your webmail/mail calendar to your phone, along with all of your contacts.

Screen Shot 2018-03-10 at 8.45.28 AM

You will also notice these three tabs next to your folder structure. These are the new locations for you to forward your mail, setup auto responders, and filter incoming messages. No longer will you need to use your to make these changes.

Screen Shot 2018-03-10 at 8.45.37 AM

Screen Shot 2018-03-10 at 8.45.45 AM

Screen Shot 2018-03-10 at 8.47.55 AM


Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected] Remember to follow us on Twitter (@datayardtechops & @datayard)!

HTTPster Update

HTTP (Hypertext Transfer Protocol) is the default protocol used to transfer data between a Web server and a Web browser. When you open Internet Explorer, Chrome, Firefox or Safari and type a URL in the address bar (for example,; you’re actually sending an HTTP request to DataYard’s Web server requesting information; in this case DataYard’s homepage. When DataYard’s Web server receives this request, it searches for the desired information and responds to your Web browser with the appropriate information. This information is then displayed on your monitor and the HTTP connection is closed. If you were to click on any link within the home page, another HTTP request is sent to the Web server and it responds with the desired data and again displayed on your monitor.

HTTP is inherently insecure, meaning information is sent in plan or clear text. Why is this noteworthy? If a savvy person were to “snoop” on your Internet connection, they’d be able to read the data rather easily using simple tools found all over the Internet. This isn’t such a bother when you’re browsing for the latest football scores or reading up on recent events. However, if you’re paying bills, checking bank accounts or attempting to secure a loan of some type via an online finance tool, this becomes seriously concerning. The answer: HTTPS.

HTTPS (Hypertext Transfer Protocol Secure), as its name implies, is HTTP’s much more secure brother. If you were to type “” into your favorite browser, you’ll likely see the address change and it’ll look like this…

Why is this, though? It’s because Google uses an SSL (Secure Socket Layer) certificate to encrypt data sent between their Web servers and your Web browser. Much the same can be said about almost any other Web domain that would be expected to serve up sensitive information (banks, online shopping, investment entities, utility companies that accept online payments, etc.). Without this certificate or HTTPS, if you were to complete an online shopping transaction and someone happened to be “snooping” on your device or Internet connection, they’d be able to see the details of your purchase in plain or clear text. Credit card information, shipping addresses and other details of your transactions would be wide open for the world to see. So how does HTTPS work exactly?

When an SSL certificate is purchased and placed on a Web server, the Web server holds a private key, basically an encryption algorithm that tells its public key holders how to decrypt the information its sending back and forth. Let’s take our first example of HTTP but this time we’re going to use HTTPS.

It’s time to pay bills and instead of using snail mail, you’ve opted to go green and pay online. You enter your vendors Web address in your browser, Immediately upon this request, Electric Company’s Web server will send your browser a public key, instructions on how to decrypt the encrypted information via the private key. Confused yet? You shouldn’t be. All this decrypting and encrypting is transparent to the user and is exclusively handled by the browser and server.

As you enter your credit card information and click “SUBMIT”, your credit card information, account details and other personally identifiable information is sent to the Web server within a snug, tightly-wrapped blanket of human-unreadable characters that can only be deciphered by the Web server and it’s private key. So the guy that’s been “snooping” on your Internet connection would only see a very lengthy and incoherent string of characters that would envy Da Vinci’s cryptex.

Now that you have a better understanding of HTTP and HTTPS, as well as their differences and advantages; how does one go about “securing” their Web site? It’s rather simple, actually and as more and more people conduct sensitive business in our technologically endowed world, certificate authorities (CA) are making this process even more streamlined than before.

Companies like VeriSign, GeoTrust, DigiCert and GoDaddy specialize in the sale and deployment of SSL certificates on a global scale. A user would simply purchase an SSL certificate from any of these CA’s then install the certificate on the appropriate Web Server(s). Once the installation is complete, any browser requesting information from that Web server would then have the benefits and peace of mind that all the transactions would be safe and secure! If you’re not up for the task just let us know and we’ll be sure to take care of everything giving you a wonderful gift, peace of mind.

Enabling Your Spam Quarantine

By default, the DataYard Mail filter tags some messages and blocks others but has the capability to create a quarantine inbox where you can view and release messages deemed spam by the filter.  This isn’t enabled by default.  If you haven’t logged in to the Mail filter before, please read our article on creating a login and updating your settings, here.

Enabling the Quarantine

Enabling and configuring Quarantine will send some messages to your Quarantine Inbox on the Spam filter rather than tagging them or blocking them outright.  In order to enable Quarantine, go to the Spam Settings page.  Then un-check the Disable checkbox next to the Quarantine field.  Finally, adjust the Block and Quarantine sliders so that the Quarantine value is less than the Block value and click Save.


You can also adjust how often Quarantine summaries are sent to you and where they are sent. Navigate to the Quarantine Settings page under the Preferences tab.  You can select Daily, Weekly or Never for your Quarantine email intervals.  You can also enter the email address that you would like the notifications to go to if you would like to send them somewhere else than your account.  Make sure to click Save if you make any changes.


Once you’ve set up your score levels, you can manage your quarantine from the Quarantine Inbox.  Click the Quarantine Inbox tab and then the Quarantine Inbox option.  There you will find all messages that have been quarantined by the filter.  You have options to Deliver, Whitelist or Delete those messages, either individually or in bulk.

Bulk Email options


Individual Email options


Finally, you can click on any message to view the message and its associated details and release the message from there as well.


That’s all there is to it.  If you have any problems, you can contact us any time at [email protected] or 937-226-6896 for assistance.