Data center provider fakes Tier 4 data center certificate to bag $11M SEC deal

“With this episode, organizations will have to go deeper to verify the reported credentials, including certifications, of a new vendor on the block. A cursory check and balance on the name of the certifying authority will help to know the likely authenticity of the certification claim,” said Abhishek Gupta, CIO at leading Indian satellite broadcaster DishTV.

CIOs often rely on multiple sources when evaluating new data center partners. Client references, physical site visits, and informal validation through the CIO community are part of the process.

“Even today, IT leaders try to evaluate the actual performance of a new prospect before onboarding as a data center partner,” Gupta added. “While certifications are important for evaluating the level of fault tolerance, additional measures, such as verifying the certifying authority’s legitimacy, are likely to gain more importance​.”

“Tier certifications for data centers have long been used as a benchmark for reliability and resiliency,” said Saurabh Gugnani, director and head of cyber defense, IAM, and application security at Dutch professional services firm TMF Group.​ “However, if a certified datacenter fails to meet the promised levels of service or experiences a major outage, it could affect the credibility of these certifications.”

The certification authenticity forms a smaller part of overall final decision-making, said Gupta. According to him, this episode shouldn’t change the evaluation methodology. 

“Just that when things are not adding up, a healthy skepticism might arise about the veracity of certification claimed by a new vendor,” added Gupta. “In all such cases, CIOs will most likely show risk aversion and may choose not to go with a new DC partner on the block.”