Hacker News new | past | comments | ask | show | jobs | submit login

> how do you find a reliable, trustworthy datacenter?

drive to a few, and shake some hands. in my exp, the difference between colos is usually "actual SOC2/ISO compliance" on one side, and "there are no locked doors between the parking lot and my rack" on the other, with not much in-between that's not for some specialty (radio), and these things can only really be seen for yourself




That’s unfortunate. I consider SoC 2 compliance as a negative indicator of security (I’ve been on the vendor side of it, and have seen it have significant negative impacts on security and reliability in multiple organizations).

Ideally, there’d be locked doors, and the data center wouldn’t be subsidizing performative checkboxing.


I'm curious, can you tell us what the negative impacts you've seen are? Are there any audits that you can say are a positive indicator for security?


Spending all their security time/budget on box checking rather than actual security.

I'd rather see open ended red team pentest reports.


This is my complaint with "cyber insurance". Companies spending money on insurance premiums and checklists for the insurance company rather than spending money on security.


Yep. My experience as well. Once a place starts doing useless box checking stuff like SOC2 it’s time to find a new job or switch vendors.

Positive indicators would be talking to employees and getting an idea of organizational clue level. There are no shortcuts here I’ve ever found beyond doing this sort of old fashioned “know your vendor” style work.


I remember visiting a colo in the valley in the early aughts that had both of these: all the biometric-man trap-security drama in the front door, and in the back, garage doors & loading docks wide open to the Santa Clara breeze...


I had a similar mid 90's tour at a major provider in Washington DC (Ashburn) that had this exact problem, mantraps everywhere, great facility for the generation and then they took me out the back door to show me the basketball court in the back parking lot and no alarm went off.... Considering root dns servers, yahoo, hotmail and other majors of the day were running there, it was... sketchy at best.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: