Maintenance Week – December 2023

Throughout the week of Dec 11th 2023, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 12:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected].

Maintenance Week – November 2023

Throughout the week of Nov 13th 2023, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 12:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected].

DataYard’s 2023 Predictions – Cloud Forward

Cloud Computing

DataYard has been helping technology professionals deploy cloud computing solutions for over a decade, and as the needs of the market evolve, so do our solutions. This report outlines our predictions for next year. We leveraged strategic and budgeted plans from our clients and partners, along with regulations, to establish this punch list of likely focus points we are going to be addressing next year!

Top 9 Cloud Computing Trends in 2023

The cloud has been a game-changer for the tech industry, and it shows no signs of slowing down. With such rapid growth, it can be tough to keep up with the latest trends. But knowing what’s on the horizon is critical for businesses that want to stay ahead of the competition. Here are the top cloud computing trends that will impact IT professionals in 2023:

  • Artificial intelligence (AI)
  • The Rise of Serverless Cloud
  • Hybrid cloud
  • IoT Platforms
  • Automation
  • Secure Access Service Edge (SASE)
  • Cloud Disaster Recovery (CDR)
  • Edge computing
  • Virtual cloud desktops

  • Artificial Intelligence (AI)

Cloud data centers provide everyone with the computing power and bandwidth that machine learning platforms need for training and processing data. The majority of the “everyday” AI we encounter every day—from Google Search to Instagram filters—lives in the cloud, where machine learning is used to manage storage infrastructure and route traffic from data centers to our devices. In 2023 and beyond, this interdependence between cloud computing and artificial intelligence (AI) will only deepen. Language modeling, which improves the precision with which machines can grasp human languages, and “creative” algorithms, generative machine learning that can produce anything from art to synthetic data to train additional AIs, will be major themes in AI. Cloud computing will undoubtedly be crucial in both providing these services to customers and creating the necessary infrastructure.

  • The Rise of Serverless Cloud

Serverless cloud is a new concept that is gaining market traction from providers such as Amazon (AWS Lambda), Microsoft (Azure Functions), and IBM Cloud Functions. It’s also known as “functions-as-a-service,” and it means that businesses aren’t constrained to leasing servers or paying for fixed quantities of storage or bandwidth. It provides a true pay-as-you-go service in which the infrastructure increases discreetly as an application’s needs change. Of course, it isn’t truly serverless – the servers remain – but it offers another degree of abstraction between the user and the platform, removing the need for the user to become involved in configurations and technicalities. Serverless computing in the cloud will play a significant role in the broader trend of generating new user experiences that make innovation more accessible throughout the cloud and the entire digital landscape.

  • Hybrid cloud

Many businesses choose a hybrid cloud approach, which combines public cloud services with the establishment of a private cloud dedicated to a single organization. This is particularly true for firms that gather sensitive data or operate in highly regulated industries such as insurance, where data privacy is critical. A hybrid solution is appealing because it provides the required level of control while allowing organizations to innovate and scale as they roll out new services for their customers. The global hybrid cloud market is anticipated to be valued at $145 billion in 2026, up from $51 billion in 2020. 

  • IoT Platforms

One of the most well-known cloud computing developments in today’s hyper-connected society is the rise of IoT platforms. According to one analysis, the number of connected things utilized would increase to 25 billion by 2021, up from 14.2 billion in 2019. An IoT platform is a cloud-enabling platform that works with common devices to enable cloud-based applications and administrations. IoT acts as a middleman, gathering data from multiple devices through remote device setup and smart device management.

  • Automation

Automation is a crucial driver of cloud adoption, particularly when it comes to boosting company operations efficiency. Companies that consolidate their data and systems on the cloud can automate many of their internal procedures, such as data consolidation from multiple locations or the generation of business intelligence dashboards. Many organizations are striving to tighten connections between different pieces of software in order to better manage their expanding cloud footprints and ensure that solutions from diverse suppliers perform seamlessly together.

  • Secure Access Service Edge (SASE)

Secure Access Service Edge (SASE) is a cybersecurity concept that establishes a secure link between applications/services and organizational entities such as people, systems, and devices. SASE is a framework for integrating network security services (like SWG and FWaaS). It also offers extensive WAN capabilities to support digital businesses all across the world. As a result, industry analysts believe SASE can help businesses defend against cyber threats. Several SASE providers now provide secure web gateways (SWG). This can also assist your organization in blocking undesirable traffic while complying with company security standards.

Businesses are reconsidering their approach to security and risk management as employees use more services and data from their own devices that are not connected to their organizations’ IT networks. Gartner’s Secure Access Service Edge (SASE) is a cloud-based approach to IT security that addresses the changing nature of work. Companies that use a SASE architecture benefit from cloud-based network security services such as secure gateways, firewalls, zero-trust network access, and more. This is a strong approach to IT security that enables enterprises to deploy new cloud services fast while remaining confident that their systems are secure. 

  • Cloud Disaster Recovery (CDR)

Cloud disaster recovery is a cloud-based solution that integrates a number of backup methodologies and services to protect resources such as data, programs, and configuration. Following a crisis, these cloud backups enable firms to restore any impacted data and restart normal operations. Emerging cloud trends can assist businesses in developing a dedicated, custom-made cloud disaster recovery solution. 

  • Edge computing

It is a technique for improving the distributed computing network framework by doing information preparation at the organization’s edge, near the source of the information. It continually relies on cloud employees to deal with less time-sensitive material or to keep information for as long as feasible. Rather than a centralized cloud, this type of cloud computing brings data processing — collection, storage, and analysis — closer to the sources of the data. This minimizes latency while also enabling the use of edge devices. Edge computing powers smart gadgets like smartphones, smartwatches, and smart cars, as well as the interconnectedness of all the data created by these technologies. 

  • Virtual cloud desktops

A virtual cloud desktop, also known as desktop-as-a-service, is a cloud-based service that sends the whole desktop operating system and software applications directly to a laptop, desktop, or another device. Companies are simply charged for the time their employees spend signing in to their devices, and they are not required to pay for hardware upgrades. Virtual cloud desktops may also be immediately scaled, ensuring that businesses always have the licenses and devices they require to service their expanding workforce. According to Allied Market Research, the global market for virtual cloud desktops is expected to reach $10.2 billion by 2023, rising at a compound annual growth rate of 16.5 per cent since 2017.

To sum it up

In 2023, cloud adoption will continue to revolutionize the corporate landscape, assisting businesses in addressing some of their most pressing concerns. We continue to see a rapid digital transition, and it is fascinating to watch how technology evolves and new trends arise. It will be interesting to see how these cloud tendencies develop further. It is important to get on board with adoption. These trends will have a good long-term impact on your company and your clients. 

Cloud Adopters & the Pending FTC Security Requirements – Are You Ready?

If you’ve adopted cloud computing strategies within your organization, you’ve already taken strides to keep up with the times in the ever-changing world of technology. As a result, your decisions have enabled scalability, reliability, and (hopefully) top performance — but did you know that most cloud infrastructures lack the security features required in the upcoming FTC Privacy Compliance Regulations? Not to mention the numerous processes and procedures your team MUST follow to obtain compliance and avoid major fines! 

At DataYard, we consider data security to be part of the foundation of our solutions – it’s a theme in every design, implementation, and managed cloud engagement we have. The reality is that infrastructure and software alone are NOT enough under the current regulations. Companies must implement incident recovery, training, and documented policies, and assign a dedicated owner / single point of contact for the organization’s privacy compliance efforts and strategy.

So the question is: Do you really have your yard in order when it comes to data security?

Third-party data service providers, especially those providing cloud computing services, are faced with unique and difficult privacy and data security challenges. While many companies that directly collect data from consumers are bound by the promises they make to individuals in their own privacy policies, cloud service providers are usually not a part of this arrangement. It is not entirely clear what, if any, obligations cloud service providers have with regards to protecting the data of individuals with whom they have no contractual relationship. This problem is especially acute because many institutions sharing personal data with cloud service providers fail to include significant privacy and security protections in the contracts that govern the exchanges. As such, individuals can be placed at the mercy of contracts that they did not negotiate and that offer insufficient protection of their data.

Since the 1990s, the FTC has been regulating companies in privacy and security matters under Section 5 of the FTC Act. This statute prohibits ‘‘unfair or deceptive acts or practices in or affecting commerce.’’ The FTC has brought an extensive number of cases for problematic privacy and data security practices. We discuss in more detail how the FTC has gone about crafting a law of privacy from the ground up in our forthcoming article, ‘‘The FTC and the New Common Law of Privacy.’’ Privacy and data protection attorneys at the large law firms, in-house counsel, and attorneys everywhere else follow the FTC closely. They look to the FTC for guidance about standards to follow. Thus far, the FTC has been more of a standard codifier than a standard maker. Instead of blazing a trail by creating new norms and standards, the FTC has waited until norms and standards have developed and then begun enforcement. Once the FTC has enforced based on a particular standard, that standard achieves a new level of legitimacy and formality. For all intents and purposes, the standard becomes law. Because the law of privacy and data security is so fragmented, so magma-like in its nature, the FTC has had an unusually influential role in shaping the law of privacy and data security by embracing certain standards and norms that have achieved a decent level of consensus. For a long time, these standards have focused on what companies must do to protect the privacy and data security of personal data that they maintain. This year, however, there is an existing FTC case focusing on the standards for how a company, GMR Transcription Services, Inc., shares personal data with external data service providers.

In this case, the FTC found GMR to be deficient in doing due diligence before hiring its data service provider. Looking broadly at the complaint, there are three key things that the FTC is now requiring companies to do when it comes to contracting with data service providers: (1) exercise due diligence before hiring data service providers; (2) have appropriate protections of data in their contracts with data service providers; and (3) take steps to verify that the data service providers are adequately protecting data. This GMR case has several important implications. It indicates that organizations that hire data service providers may be directly at fault in many instances. The case also solidifies the principle that companies have duties of data service provider management — in choosing, contracting with, and overseeing vendors. This means that if a vendor has a problem, the organization that hired the vendor will also be under scrutiny.

Organizations that use data service providers for data processing might not just be victims if the data service providers make a blunder. They might be to blame if they failed to follow appropriate data service provider management practices. FTC enforcement based on inadequate data service provider management signals that standards in this area are starting to mature. The GMR case does not define the precise contours of what constitutes adequate data service provider management, but the details will be fleshed out over time. This FTC case has signaled that more attention should be devoted to the issue, and we can now expect more companies to take a closer look at their own data service provider management practices. The word is out that poor data service provider management might conflict with the FTC Act. Even without a data breach, poor data service provider management alone might still be a cause for FTC enforcement. Although the FTC generally cannot enforce against public-sector entities, the GMR case still has important implications. The case now establishes more clearly that there is a standard of care when it comes to contracting. The principles in this case apply to nearly all businesses, and FTC decisions reflect the consensus norms about privacy. If nearly all companies are legally obligated to do what the FTC demands in this decision, then this puts a lot more pressure on schools and other public-sector organizations to do so.

Protections of Third-Party Beneficiaries 

The FTC is also not limited in protecting consumers only when they have a direct relationship with an entity that maintains their personal data. In its early cases, the FTC focused primarily on enforcing company privacy policies. Since then, the FTC has broadened its enforcement far beyond privacy policies. Deception is a broad concept, and it is not limited to the explicit promises a company might make. Unfairness is even broader. An ‘‘unfair’’ trade practice is one that ‘‘causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.’’ An exceptionally wide range of activities has been included in the FTC’s unfairness and regulatory efforts. Many of the alleged unfair actions seek to take advantage of vulnerable consumers, making exploitation the focus of many unfairness allegations. Thus, the FTC has very broad and general regulatory authority by design to allow for a more nimble and evolutionary approach to the regulation of consumer protection. Because FTC enforcement is not tethered to any specific privacy policy and is primarily focused on protecting consumers, it becomes quite apparent that the FTC has the authority to regulate entities maintaining personal data even if those entities do not make any promises directly to the people to whom the data pertain.

The FTC’s power to protect third-party beneficiaries of institutional bargaining extends to companies that provide cloud services to public-sector entities. Although the FTC can generally only regulate commercial entities under Section 5, when public-sector institutions such as schools use private-sector cloud service providers, the FTC can regulate the cloud service provider. Although the cloud service provider might not have a direct relationship with the individuals whose data they maintain, these individuals are third-party beneficiaries of the privacy promises made by those who provide data to cloud service providers. As such, if a school enters a contract with a cloud service provider where student data is shared with the provider, that provider must live up to consumer expectations. Moreover, if the provider negotiates a deficient contract with a school, the deficiencies in this arrangement might themselves be contrary to student expectations.

Cloud Service Providers as Data Stewards 

The FTC has started to embrace a larger philosophy that third-party data service providers should act as data stewards. In other words, companies that collect, use, and share personal data have certain responsibilities owed to the data subjects. These responsibilities could include ensuring harm from the use and distribution of data is minimized using technical safeguards, administrative procedures, and contractual terms. Data stewardship is already a concept embraced in certain specific areas, such as health care. The FTC’s approach draws upon the tradition of ‘‘third-party beneficiaries’’ in contract law, whereby intended third-party recipients of benefits of a contractual term are entitled to enforce that term even though they are not technically a party to the agreement. Good stewardship even has a fiduciary-like quality whereby relationships with stark disparities in power are sometimes treated differently than those who negotiate at arm’s length. In this way, the FTC approach is similar to that of courts when finding implied obligations of confidentiality. Consumers have very little ability to ensure that cloud service providers protect the personal data that were entrusted to them, which makes these consumers vulnerable and largely unable to reasonably avoid risk. The FTC has laid the foundation for establishing standards of data stewardship on each side of the cloud service relationship. The next steps have yet to be taken, but the path is there, waiting to be traversed.

The FTC staff has also issued extensive guidance on online behavioral advertising, emphasizing four principles to protect consumer privacy interests:

  1. transparency and control, giving meaningful disclosure to consumers, and offering consumers choice about information collection;
  2. maintaining data security and limiting data retention;
  3. express consent before using information in a manner that is materially different from the privacy policy in place when the data was collected; and
  4. express consent before using sensitive data for behavioral advertising.

The FTC has not, however, indicated that opt-in consent for the use of non-sensitive information is necessary in behavioral advertising.

In terms of enforcement, the FTC has frequently brought successful actions under Section 5 against companies that did not adequately disclose their data collection practices, failed to abide by the promises made in their privacy policies, failed to comply with their security commitments, or failed to provide a ‘fair’ level of security for consumer information. Although various forms of relief (such as injunctions and damages) for privacy-related wrongs are available, the FTC has frequently resorted to settling cases by issuing consent decrees. Such decrees generally provide for ongoing monitoring by the FTC, prohibit further violations of the law and subject businesses to substantial financial penalties for consent decree violations. These enforcement actions have been characterized as shaping a common law of privacy that guides companies’ privacy practices.

Cybersecurity and Data Breaches – Federal Law

Cybersecurity has been the focus of intense attention in the United States in recent years, and the legal landscape is dynamic and rapidly evolving. Nonetheless, at the time of writing, there is still no general law establishing federal data protection standards, and the FTC’s exercise of its Section 5 authority, as laid out above, remains the closest thing to a general, national-level cybersecurity regulation.

That said, recent years have brought a flurry of federal action related to cybersecurity. In 2015, Congress enacted the Cybersecurity Information Sharing Act (CISA), which seeks to encourage cyber threat information sharing within the private sector and between the private and public sectors by providing certain liability shields related to such sharing. CISA also authorizes network monitoring and certain other defensive measures, notwithstanding any other provision of law. In addition to CISA, Presidents Obama, Trump and Biden have issued a series of executive orders concerning cybersecurity, which have, among other things, directed the Department of Homeland Security and several other agencies to take steps to address cybersecurity and protect critical infrastructure and directed the National Institute of Standards and Technology (NIST) to develop a cybersecurity framework. The latter, in particular, has been a noteworthy development: while the NIST Cybersecurity Framework provides voluntary guidance to help organizations manage cybersecurity risks, there is a general expectation that use of the framework (which is laudable, accessible, and adaptable) is a best practice consideration for companies holding sensitive consumer or proprietary business data. (The federal government’s response to the recent wave of cyberattacks is further detailed in Section II above.)

Specific Regulatory Areas – Federal Law

Along with the FTC’s application of its general authority to privacy-related harms, the United States has an extensive array of specific federal privacy and data security laws for the types of citizen and consumer data that are most sensitive and at risk. These laws grant various federal agencies rulemaking, oversight and enforcement authority, and these agencies often issue policy guidance on both general and specific privacy topics. Congress has passed robust laws that prescribe specific statutory standards for protecting the following types of information:

  1. financial information;
  2. healthcare information;
  3. information about children;
  4. telephone, internet and other electronic communications and records; and
  5. credit and consumer reports.

We briefly examine each of these categories and the agencies with primary enforcement responsibility for them below.

Financial Information

The Gramm-Leach-Bliley Act (GLBA) addresses financial data privacy and security by establishing standards pursuant to which financial institutions must safeguard and store their customers’ ‘nonpublic personal information’ (or ‘personally identifiable financial information’). In brief, the GLBA requires financial institutions to notify consumers of their policies and practices regarding the disclosure of personal information; to prohibit the disclosure of such data to unaffiliated third parties, unless consumers have the right to opt-out or other exceptions apply; and to establish safeguards to protect the security of personal information. The GLBA and its implementing regulations further require certain financial institutions (i.e., banks) to notify regulators and data subjects after breaches implicating nonpublic personal financial information, often referred to as NPI.

Various financial regulators, such as the federal banking regulators (e.g., the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency) and the Securities and Exchange Commission (SEC), have authority to enforce consumer privacy under the GLBA, while the FTC (for non-bank financial institutions) and the Consumer Financial Protection Bureau (CFPB) (for certain banks and non-bank financial institutions) do as well. (Insurance is regulated at the state level, so GLBA financial privacy in this sector is administered by state insurance commissions.)

The SEC has also increasingly used its broad investigative and enforcement powers over public companies that have suffered cybersecurity incidents. In doing so, the SEC has relied on multiple theories, including that material risks were not appropriately disclosed and reported pursuant to the agency’s guidance on how and when to do so and that internal controls for financial reporting relating to information security did not adequately capture and reflect the potential risk posed to the accuracy of financial results. Of particular note, in 2018, the SEC published interpretive guidance to assist publicly traded companies in disclosing their material cybersecurity risks and incidents to investors. 

The SEC has suggested that all public companies adopt cyber disclosure controls and procedures that enable companies to:

  1. identify cybersecurity risks and incidents;
  2. assess and analyze their impact on a company’s business;
  3. evaluate the significance associated with such risks and incidents;
  4. provide for open communications between technical experts and disclosure advisers;
  5. make timely disclosures regarding such risks and incidents; and
  6. adopt internal policies to prevent insider trading while the company is investigating a suspected data breach.

Healthcare Information

For healthcare privacy, entities within the Department of Health and Human Services (HHS) administer and enforce the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH). Congress enacted HIPAA to create national standards for electronic healthcare transactions, and HHS has promulgated regulations to protect the privacy and security of personal health information. In general, HIPAA and its implementing regulations state that patients generally have to opt-in before covered organizations can share the patients’ information with other organizations.

HIPAA’s healthcare coverage is quite broad. It defines PHI as ‘individually identifiable health information . . . transmitted or maintained in electronic media’ or in ‘any other form or medium’. Individually identifiable health information is in turn defined as a subset of health information, including demographic information, that ‘is created or received by a health care provider, health plan, employer, or health care clearinghouse’; that ‘relates to the past, present, or future physical or mental health or condition of an individual’, ‘the provision of health care to an individual’, or ‘the past, present, or future payment for the provision of health care to an individual’; and that either identifies the individual or provides a reasonable means by which to identify the individual. Notably, HIPAA does not apply to ‘de-identified’ data.

With respect to organizations, HIPAA places obligations on ‘covered entities’, which include health plans, healthcare clearinghouses and healthcare providers that engage in electronic transactions as well as, via HITECH, service providers to covered entities that need access to PHI to perform their services. It also imposes requirements in connection with employee medical insurance.

Moreover, HIPAA also places obligations on ‘business associates,’ which are required to enter into agreements, called business associate agreements, to safeguard PHI. A business associate is defined as an entity that performs or assists a covered entity in the performance of a function or activity that involves the use or disclosure of PHI (including, but not limited to, claims processing or administration activities). Such agreements require business associates to use and disclose PHI only as permitted or required by the agreement or as required by law and to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the business associate agreement. The agreements also include numerous other provisions regarding the confidentiality, integrity, and availability of electronic PHI.

HIPAA and HITECH not only restrict access to and use of PHI, but also impose stringent information security standards. In particular, HHS administers the HIPAA Breach Notification Rule, which imposes significant reporting requirements and provides for civil and criminal penalties for the compromise of PHI maintained by covered entities and their business associates. The HIPAA Security Rule also requires covered entities to maintain appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

Information About Children

The Children’s Online Privacy Protection Act of 1998 (COPPA) applies to operators of commercial websites and online services that are directed to children under the age of 13, as well as general audience websites and online services that have actual knowledge that they are collecting personal information from children under the age of 13. The FTC is generally responsible for enforcing COPPA’s requirements which include, among other things, that these website operators post a privacy policy, provide notice about collection to parents, obtain verifiable parental consent before collecting personal information from children, and other actions.

Telephone, Internet, and Other Electronic Communications and Records

A number of legal regimes address communications and other electronic privacy and security, and only the briefest discussion of this highly technical area of law is possible here. In short, some of the key statutory schemes are as follows:

  1. the Electronic Communications Privacy Act of 1986 (ECPA) protects the privacy and security of the content of certain electronic communications and related records;
  2. the Computer Fraud and Abuse Act (CFAA) prohibits hacking and other forms of harmful and unauthorized access or trespass to computer systems, and can often be invoked against disloyal insiders or cybercriminals who attempt to steal trade secrets or otherwise misappropriate valuable corporate information contained on corporate computer networks;
  3. various sections of the Communications Act protect telecommunications information, including what is known as customer proprietary network information, or CPNI;
  4. the Telephone Consumer Protection Act (TCPA) governs robocalls and texts; and
  5. the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act governs commercial email messages, generally permitting companies to send commercial emails to anyone provided that the recipient has not opted out of receiving such emails from the company, the email identifies the sender and the sender’s contact information, and the email has instructions on how to easily and at no cost opt-out of future commercial emails from the company.

The Federal Communications Commission (FCC) is the primary regulator for communications privacy issues, although it shares jurisdiction with the FTC on certain issues, including notably the TCPA.

Credit and Consumer Reports

The Fair Credit Reporting Act (FCRA), as amended by the Fair and Accurate Credit Transactions Act of 2003, imposes requirements on entities that possess or maintain consumer credit reporting information or information generated from consumer credit reports. Consumer reports are ‘any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility’ for credit, insurance, employment, or other similar purposes.

The CFPB, FTC and federal banking regulators (e.g., the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency) share authority for enforcing FCRA, which mandates accurate and relevant data collection to give consumers the ability to access and correct their credit information and limits the use of consumer reports to permissible purposes such as employment, and extension of credit or insurance.
For more information on how DataYard can help you prepare for the implementation of new FTC regulations, please visit us at

Why buying your cloud direct is the more expensive option!

Cloud Service Providers Keep Your Data Yard in Order

When application providers or hosting managers look for cloud solutions to host their digital environments, they have lots of choices to make. These range from the solution provider, such as AWS vs Azure vs G-Cloud, to the instances that are set up and how. What about redundancy? Should you choose a public cloud architecture or a private cloud architecture? What about a hybrid or multi-cloud? The decisions are near endless and each deployment requires thought, strategy, and insight into both current and future needs.

We often face questions from clients and prospects about why they should acquire a cloud environment through a service provider vs direct from the solution provider. Our answer is simple… Do you know the answers to all the questions and options listed above? Are you prepared to bet your customers’ experience on it? Companies turn to us to evaluate their needs, and how those needs are addressed within a cloud environment. Furthermore, the staff to competently deploy (never mind properly), maintain, and manage high availability systems is very costly and often requires multiple individuals. The average cost of a DevOps resource today is $126,000, so if you need two, you are over a quarter million in salaries and you have not paid a penny to the solution provider yet.

What about optimization and integration between systems and environments, as in the case of multi or hybrid cloud architectures? Well, the complexity goes up, and if these systems are not properly configured to work together or in parallel, your computing costs will be far from optimized and the systems will likely not perform as they should. The truth is it takes an army to properly design, implement, optimize and maintain a cloud environment. That is what a cloud service provider (CSP) does, and because they spread those expensive resources over dozens of environments, it is in turn more affordable than doing it alone.

At DataYard we have designed some of the most robust and complex cloud environments, for some of the nation’s most recognizable brands and businesses that demand high performance and high uptime reliability.  In fact, our 99.999% average is nothing more than us properly configuring each environment for our clients’ needs, while ensuring proper updates and future deployments are coordinated and executed flawlessly. 

Next time you are comparing prices of “going it alone” vs working with a service provider, make sure to take into account the total cost of ownership (TCO) and ask yourself if deploying your valuable resources is best suited for making your cloud environment function or building more value for your customers.  We thought so!  Let’s build something great together… 

Check out DataYard’s RiSE program for information on how to get started.

March Maintenance Week 2022

Throughout the week of March 7th 2022, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 12:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

February Maintenance Week 2022

Throughout the week of February 7th 2022, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 12:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

January Maintenance Week 2022

Throughout the week of January 10th 2021, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 12:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

December Maintenance Week 2021

Throughout the week of December 13th 2021, we will be performing maintenance on DataYard’s infrastructure and customer servers. This will include performing updates to all managed server infrastructure, including tasks that require reboots/shutdowns/service interruptions.  Maintenance will begin at 12:00AM EST and will be completed by 8:00AM EST throughout various days this week. Making IT Better!

Let us know if you have any questions, concerns, or just want to chat: 1.800.982.4539 or [email protected]. Remember to follow us on Twitter (@datayardtechops & @datayard)!

MS Exchange Critical Security Threat – We’ve Got Your Back!

You may have heard rumblings across the Internet of a giant Microsoft Exchange vulnerability that raised its ugly head this week.  On Tuesday evening, Microsoft announced the existence of four critical zero-day security vulnerabilities affecting all current versions of Microsoft Exchange Server.  That’s the same time we stepped up to make sure that all DataYard and our clients’ servers were patched and secured as soon as possible.

Starting at 2AM on Wednesday morning, our engineers began installing the needed upgrades and patches to all DataYard managed Microsoft Exchange servers.  The Exchange infrastructures in question were quickly updated and rebooted, after which point DataYard engineers took a deeper dive to determine if there were any lingering threats.

In many cases across the globe this security vulnerability had already been exploited in an attempt to open a backdoor to critical and private data – our customers were no exception.  DataYard engineers discovered malicious web shells which had been remotely uploaded by nefarious bots in the final days of February 2021. While a malicious shell was indeed uploaded on these systems to provide access to a bad actor in the future, there is no evidence to suggest that the shell was ever accessed or utilized after the initial automated upload.

As of 2PM on Thursday (3/4/21), DataYard had completed the following for all of our managed VIP clients:

  • Determined if the VIP was vulnerable to the exploit in question
  • Updated OS when applicable
  • Installed critical security patches
  • Rebooted and tested
  • Removed all malicious files remotely updated by third parties
  • Investigated all system logs to ensure no malicious files were executed:
    • Network traffic logs
    • System events logs
    • Exchange application logs
    • Remote login records

At this point, the team at DataYard is confident in giving all of our managed Exchange VIP systems a thumbs-up and a clean bill of health.  We appreciated the trust and confidence that all of our client partners have in DataYard – we are happy to have helped to avoid this nasty security breach and potential data compromise.  Please let us know if you have any questions or requests to help make IT better.

Have a fantastic weekend,
The DataYard Team
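
The log review described in the post above (confirming that an uploaded web shell was never requested again after the initial upload) can be sketched as follows. This is an added example, not DataYard's tooling: the shell path, IP addresses and log lines are constructed placeholders, and the log is assumed to be in IIS W3C extended format.

```python
from datetime import datetime

# Constructed sample in IIS W3C extended log format (not real traffic).
# IIS writes timestamps in UTC and replaces spaces inside values with '+'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2021-02-27 03:14:07 POST /placeholder_dir/example_shell.aspx 203.0.113.7 python-requests/2.25 200
2021-02-27 03:14:09 GET /owa/auth/logon.aspx 198.51.100.4 Mozilla/5.0+(Windows+NT+10.0) 200
2021-03-02 11:40:51 GET /Placeholder_Dir/Example_Shell.aspx 203.0.113.99 curl/7.68 200
2021-03-03 09:00:00 GET /owa/auth/logon.aspx
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def hits_after_upload(text, shell_paths, upload_time):
    """Return requests to known shell paths made strictly after upload_time."""
    wanted = {p.lower() for p in shell_paths}  # IIS URL paths are case-insensitive
    hits = []
    for row in parse_w3c(text):
        when = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        if row["cs-uri-stem"].lower() in wanted and when > upload_time:
            # Keep method and status so an analyst can judge whether it executed
            hits.append((when, row["c-ip"], row["cs-method"], row["sc-status"]))
    return hits

if __name__ == "__main__":
    shells = ["/placeholder_dir/example_shell.aspx"]   # paths found during cleanup
    uploaded = datetime(2021, 2, 27, 3, 14, 7)         # time of the upload request
    for hit in hits_after_upload(SAMPLE_LOG, shells, uploaded):
        print(hit)
```

An empty result supports the "uploaded but never used" conclusion only for the period the retained logs cover, so the check should be run across every log file kept for the site.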