Data center provider fakes Tier 4 data center certificate to bag $11M SEC deal

Impact on vendor trust and certification verification

This case highlights the vulnerabilities that organizations face when relying on third-party certifications. The fraudulent certification raises serious concerns for CIOs and IT leaders who depend on certified data centers to ensure fault tolerance and security for critical data.

“With this episode, organizations will have to go deeper to verify the reported credentials, including certifications, of a new vendor on the block. A cursory check and balance on the name of the certifying authority will help to know the likely authenticity of the certification claim,” said Abhishek Gupta, CIO at leading Indian satellite broadcaster DishTV.

CIOs often rely on multiple sources when evaluating new data center partners. Client references, physical site visits, and informal validation through the CIO community are part of the process.

“Even today, IT leaders try to evaluate the actual performance of a new prospect before onboarding as a data center partner,” Gupta added. “While certifications are important for evaluating the level of fault tolerance, additional measures, such as verifying the certifying authority’s legitimacy, are likely to gain more importance​.”

“Tier certifications for data centers have long been used as a benchmark for reliability and resiliency,” said Saurabh Gugnani, director and head of cyber defense, IAM, and application security at Dutch professional services firm TMF Group.​ “However, if a certified datacenter fails to meet the promised levels of service or experiences a major outage, it could affect the credibility of these certifications.”

The certification authenticity forms a smaller part of overall final decision-making, said Gupta. According to him, this episode shouldn’t change the evaluation methodology.