Compliant hosting strategies for healthcare, finance, & legal

Kristina (Host):

Hello, everybody. Welcome in — we’re glad to have you here. Welcome to today’s webinar: Off-Prem On Point: Hosting Strategies for Regulated Industries, brought to you by Liquid Web.

I’m Kristina, and I’ll be kicking us off before we dive into today’s session.

Thank you for joining us and for your patience. We’re really excited to have you all here. For those of you who may not be familiar with us, Liquid Web is a premium hosting provider for businesses of all sizes. We offer reliable solutions like dedicated servers, cloud hosting, and VPS hosting, all backed by 24/7 support.

Before we get started, just a little housekeeping:

• Today’s webinar should run around 35 to 40 minutes — we likely won’t take the full hour.
• Please feel free to use the chat throughout the session to ask questions and leave comments. We want this to be interactive!
• We’ll keep an eye on your questions and address them during the Q&A at the end.
• This webinar is being recorded, and we’ll be sending the recording to all attendees, along with some additional resources.

Okay, without further ado, let’s get started! Here are your speakers for today: Kyleigh and Kelly. Take it away, Kyleigh.

Kyleigh Fitzgerald:

[00:01:30]

Thanks, Kristina.

Welcome, everyone, and thank you so much for joining us today. In this session, we’re going to discuss why regulated industries — like healthcare, finance, and legal — should consider moving off-premises and how you can do so safely.

First, a quick intro: I’m Kyleigh Fitzgerald, Director of Product Marketing here at Liquid Web. I joined the company last year and have been in the web hosting industry for nearly a decade now.

I’m joined by the real star of today’s show, Kelly Goolsby. Kelly, would you like to introduce yourself?

Kelly Goolsby:

Yeah, sure — thanks, Kyleigh. And thanks for setting the bar high!

I’m Kelly Goolsby, Director of Solution Architecture at Liquid Web. I’ve been with the company for seven and a half years, and I’ve spent more than 20 years in the hosting industry overall — working with public cloud, data centers, private cloud, and across many industries and roles.

At Liquid Web, my team is part of the sales organization, and our main goal is aligning client requirements with the right product solutions. If our own products aren’t the right fit, we’re also happy to advise on other partners or alternatives. We aim to understand what a client truly needs and translate that into the best-fit hosting solution.

Thanks again, Kyleigh.

Kyleigh Fitzgerald:

[00:03:04]

Absolutely — let’s dive into what we’ll be covering today.

We’re going to guide you through the current hosting landscape and discuss some of the common challenges businesses like yours face with compliance. Our focus today will be on three key regulated sectors: healthcare, finance, and legal.

We’ll also walk through a real-world success story — a case study involving a legal organization we’ve supported for several years. Then, we’ll cover the “why” and the “how” behind making the move with Liquid Web’s help. And as Kristina mentioned, we’ll leave time for Q&A at the end — plus, a chance to win a $100 raffle prize if you stick around.

Please keep the chat active — ask questions anytime. We’re here to help.

Now let’s jump into today’s market challenges.

Understanding today’s landscape: Why the urgency to move off-prem?

[00:04:13]

First and foremost, moving off-prem is a strategic decision. According to a 2024 Forrester study, 85 percent of IT leaders are now prioritizing a move off-prem. But at the same time, many are hindered by the complexities of public cloud environments and challenges like GPU and server advancements.

Keeping up with on-prem hardware — especially GPU capabilities — is expensive and often underperforms compared to modern alternatives.

Add to that the increasing demand for hybrid and remote work environments (I’m working remotely today, Kelly and Kristina are as well), and the need for secure remote access becomes paramount — something cloud-based solutions handle far more effectively.

And let’s talk about security. Defending against increasingly complex cyber threats is incredibly difficult to do alone. That’s why leveraging trusted providers with built-in security expertise is so important.

Why staying on-prem is becoming unsustainable

Beyond the drivers pushing companies to off-prem solutions, staying fully on-prem presents its own major hurdles:

• Compliance is getting harder. Managing it on-prem is increasingly complex and time-consuming.
• Colocation footprints are shrinking, and the availability of skilled, specialized staff is diminishing — making operations harder to maintain.
• Hardware costs are rising, impacted by global tariffs and supply chain disruptions.
• Lack of pricing predictability. This is a major pain point, especially in public cloud models, but on-prem can be just as unpredictable due to maintenance and upgrade cycles.

These issues raise a key question: Why now?

Why it’s critical now

According to that same 2024 Forrester study, over half of businesses say they’re already struggling with compliance. And that’s before factoring in the rapidly evolving regulatory landscape and customer expectations for seamless digital experiences.

Layer in the explosive growth of AI, which demands flexible infrastructure, and it’s clear that on-prem solutions often just can’t keep up.

All of these factors — complexity, compliance, remote access, security, and AI-driven change — are converging, making it critical for organizations to seriously evaluate a move off-prem.

Kelly, want to take it from here?

Key compliance considerations for regulated industries

Speaker: Kelly Goolsby

[00:07:27]

Foundational compliance frameworks

Sure, yeah. Let’s walk through a few important points.

This list isn’t exhaustive, but these are the compliance frameworks we hear about most often from our clients:

• HIPAA & HITECH — Of course, for healthcare, HIPAA is a top concern, along with the HITECH Act which strengthens HIPAA’s provisions.
• PCI DSS — Data security standards for payment processing continue to evolve, and rapid app deployment and scaling can make compliance more difficult.
• SOC 2 & GDPR — Whether you’re based in the U.S. or abroad, if you work with clients whose data falls under GDPR, you must meet its data protection requirements. This ties directly into data sovereignty and residency rules.
• Encryption — It’s critical. We often talk about encryption in transit, but with the rise of unstructured data — particularly in healthcare, finance, and legal — an “encrypt everything” strategy is becoming more necessary since you don’t always know where sensitive data may reside.
• Access control — With the rise of contracted workforces and fully remote employees, it’s harder to enforce access control. It’s essential to log access while still enabling secure, flexible work environments — whether at home, in hotels, or even in a coffee shop.
• Audit trails — Almost every compliance framework requires secure audit logging, protected against tampering. In case of a breach, being able to show an intact audit trail is essential.
• Uptime & redundancy — While not every industry penalizes for downtime, many do. Redundant infrastructure — including power backups — is often easier to achieve with a trusted hosting provider than with in-house solutions. This is key for meeting SLAs.
• Disaster recovery — It’s no longer optional. Whether via off-site backups, cold sites, or hot sites, you need a plan to recover from data center disruptions.
  

Incident management expectations

Incidents happen — whether due to infrastructure failure, security issues, or persistent threats. What matters is how you respond:

• Clear incident communication.
• Estimated time for recovery.
• Transparent documentation and communication with clients.
• Post-incident reporting that explains what happened and how it will be mitigated going forward.

Many clients have compliance obligations requiring this level of transparency.

Emerging focus: Supply chain security

One area that’s gained traction is supply chain risk. In the past, it was easy to purchase servers, install software, and trust the supply chain. Today, that’s a potential attack vector. Compliance frameworks are adapting, and clients are prioritizing this more and more.

Industry breakdown: Key considerations

[00:12:24]

Healthcare

There’s often overlap with other industries, especially around payment portals. For example, a healthcare organization may need to comply with both HIPAA and PCI DSS.

The baseline for healthcare is HIPAA compliant hosting, which protects PHI (Protected Health Information) and EHRs (Electronic Health Records). Encryption plays a vital role here. The challenge is that HIPAA guidelines often include both mandated and interpretive elements — it’s up to each organization to determine how to comply.

Common practices include:

• Annual self-audits, often supplemented by third-party assessments every 1–3 years.
• Increasing reliance on patient portals for everything from communication to lab results — making availability a key factor.
• The healthcare sector is the #1 target for ransomware attacks, surpassing even government and finance. A 2023 SOPHAS study showed 60 percent of healthcare organizations suffered ransomware attacks.
  

On the AI and infrastructure side:

• AI is increasingly used not just for research, but also in diagnostics and clinical charting.
• Healthcare organizations face steep challenges in acquiring GPUs — high cost, long lead times — and often prefer to avoid managing that procurement themselves.
• Public AI models usually don’t meet their security needs, so privately trained AI models hosted with secure providers are growing in popularity.

Finance

[00:16:58]

As with healthcare, there’s significant overlap and high stakes with financial services hosting:

• PCI DSS compliance is crucial. We help by providing Attestations of Compliance (AOC) that cover infrastructure and physical access. But remember: compliance is a shared responsibility between the hosting provider, the client, and software vendors.
• Penalties for cardholder data breaches range from $5,000 to $100,000, and those costs accrue until compliance is restored.
• Layered security is key to fraud prevention — think bot detection, AI-based fraud scoring, etc. No single system is perfect, so layering defenses is essential.
• Cloud agility matters — financial apps must scale quickly, especially when adoption spikes. But rapid scaling shouldn’t compromise security. Things like instance conformity — ensuring every new deployment matches your security standards — are crucial.

Reputation and risk management are vital. One highly publicized breach could do lasting damage to a financial organization’s brand.

Legal

[00:19:40]

When we talk about “legal,” we mean:

• Solo attorneys and small firms,
• Legal software vendors (e.g., for charting, case management),
• Corporate legal departments.
  

What makes legal hosting solutions particularly tricky is that everything may be privileged — even appointments or notes. And much of the data is unstructured (PDFs, scanned documents), so encryption isn’t as simple as securing a database field. Often, you need to encrypt everything to ensure protection.

We’ve seen:

• A boom in legal-specific SaaS tools like LexisNexis and Westlaw, now augmented with AI.
  Clients demanding the freedom to choose tools from various vendors — requiring integration flexibility from hosting providers.

Increasing demand for private AI models behind firewalls (e.g., Alexei AI) to protect data confidentiality and meet client expectations.

Confidentiality is paramount:

• Breaches can trigger professional penalties and even lawsuits.
• Legal clients often ask for infrastructure that enables secure AI training inside their firewall.
  

Closing thoughts on regulated industries

Across healthcare, finance, and legal, we see consistent themes:

• Data protection
• Uptime and availability
• Encryption
• Security and compliance flexibility
• AI enablement within trusted environments
  

Even organizations outside these industries face many of the same challenges. That’s why we take a tailored approach to every client we serve.

Up next, we’ll dive into a real-world success story — and I’ll let Kyleigh take it from here before I jump back in.

Real-world success story: Orion Law

[00:22:40]

Speaker: Kyleigh Fitzgerald

We wanted to bring up a real-world example of how we’ve helped a legal organization — Orion Law — transition off-prem and how we continue to protect their mission-critical workloads today.

This has been one of Kelly’s clients for several years, so I’ll pass it over to him. He’s worked closely with them and knows the story well.

Kelly, want to walk us through what we’ve done with Orion?

Speaker: Kelly Goolsby

Absolutely.

Orion is a 40-year-old legal software vendor — well-known in the industry. If you visit their website, you’ll see they offer a full suite: case management, time management, practice management, document management — really everything a law firm might need. It’s essentially a “law firm SaaS in a box.”

When Orion came to us about five years ago, they needed to migrate to an off-prem/cloud provider. In these industries, “off-prem” often just means a secure data center — they didn’t have the time or resources to rewrite their software completely.

We were able to help them migrate quickly to a VMware private cloud, without having to re-architect their systems. No need to change databases or data structures — we met them where they were. In the industry, we call that a “lift-and-shift” migration.

We provided them with a fully managed private cloud environment with high availability. This is one of several options we offer.

Now, if you think about downtime in dollars — eCommerce might be the obvious number one. But in legal, downtime is literally billable time lost, so availability is absolutely critical. The systems must be scalable and responsive. When attorneys onboard more people or purchase more services, we need to respond quickly. You can’t be competitive if it takes weeks to deploy new resources.

And yes, exceptional support is part of the case study. Things will go wrong — hardware, systems, software — nothing’s perfect. But how quickly and effectively you respond makes all the difference. We pride ourselves on that.

If anyone’s interested, we’re happy to send out the full PDF case study as a reference.

Compatibility, flexibility, & growth

Flexibility has become essential. Years ago, a firm might deploy five servers and revisit it in three years. That’s changed.

With hosted businesses, change is constant. New product launches, larger deployments, more complex setups — our clients evolve based on their customers’ needs. Our infrastructure adapts with them, ensuring future growth happens without friction.

And moving to a hosted solution doesn’t mean cutting staff. In fact, it usually frees up teams to focus on value-add work like mobile apps or product innovation.

Business continuity with disaster recovery

Let’s talk continuity. As we develop new solutions, we bring those to our clients. For Orion, we introduced a new product in our VMware space that allowed them to use their existing backup solution, Acronis disaster recovery.

This turnkey DR plan allowed them to replicate client data to a secondary data center, satisfying all their disaster recovery needs. They were already handling DR, but we made it simpler and more integrated.

Again, we’re happy to share the full case study if you’re interested.

Speaker: Kyleigh Fitzgerald

Yes — we’ll include that in the follow-up email with the webinar recording.

One thing I want to emphasize is how we make onboarding easy for clients like Orion Law. It’s because we provide white-glove services — hands-on support from three dedicated teams:

• Customer Success
• Product Implementation
• Engineering

These teams will guide the Acronis implementation and deliver a customized runbook, fully tailored to your business continuity needs.

It’s a great example of the depth and breadth of our services at Liquid Web.

Why choose Liquid Web?

Now that we’ve walked through market challenges, industry considerations, and a real-life case study, let’s talk about why businesses choose Liquid Web — and how we’re meeting today’s demands.

Built-in compliance

When you choose Liquid Web, we make hosting fluid — starting with compliance built into our solutions.

Navigating compliance can be overwhelming, especially for regulated industries. That’s why we integrate key frameworks directly into our infrastructure:

• HIPAA – for healthcare data
• PCI DSS – for secure payment processing
• SOC 2 – for system security and availability
• GDPR – for data privacy
  

We also participate in the EU-U.S. and Swiss-U.S. Data Privacy Frameworks to facilitate secure international data transfers — helping to ease your compliance burden.

Tailored, white-glove support

Standard support isn’t enough for regulated industries. That’s why you get:

• 24/7/365 access to over 400+ highly trained technicians
• Experts who not only know our tech, but also understand compliance
  

This level of expertise is rare, and I’ve been blown away by the team’s depth of knowledge.

Scalability & flexibility

Your infrastructure must evolve with your business. We provide the ability to:

• Scale from a single server to a multi-region cluster
• Maintain performance as you grow
• Adapt without service disruption

Whatever stage you’re in — from startup to enterprise — we’ve got you covered.

Security

Security is non-negotiable. We implement advanced, multi-layered protections to secure:

• Your data
• The infrastructure beneath it
• Your overall compliance posture

We help you stay proactive against rising threats.

Custom solutions

No two businesses are the same — and one-size-fits-all doesn’t work. That’s why we offer:

• Managed and unmanaged hosting
• WordPress, VPS, private clouds, dedicated servers
• GPU hosting solutions for AI workloads

Everything is tailored to your business goals and regulatory needs.

Industry-leading infrastructure

All of this is built on a high-performance foundation. That’s what makes Liquid Web a recognized industry leader. Our edge isn’t just a claim — it’s demonstrated through:

• A broad product portfolio, from managed WordPress and VPS to hybrid and enterprise cloud solutions
• Transparent pricing — no surprise fees like many public cloud providers
• Proven scale and global reach:
  • Hosting 500,000+ sites
  • Serving 45,000+ customers worldwide
  • Operating across 20+ global data centers (and expanding)
    

Recognized growth & expertise

We’re proud to be:

• A 12-time Inc. 5000 honoree
• Ranked #1 in dedicated hosting by Hosted Buyer
• Backed by strong reviews on platforms like Trustpilot
  

We now have 1,200+ hosting professionals working daily to improve your experience, including over 400 certified engineers available 24/7. That’s how we deliver on our 99.99 percent uptime guarantee.

Strong partner ecosystem

With over 2,200 partners, we’ve built a robust network to extend capabilities and keep innovating.

This ecosystem — combined with our solutions, scale, expertise, and reliability — solidifies our position as a true leader in managed hosting and cloud services.

Up next: Getting started

Now that you know what Liquid Web brings to the table, the next step is exploring how we can support your business.

Let’s turn it back over to Kelly, who works directly with clients every day as a Solutions Architect, to walk us through how to get started.

Solution design & implementation

[00:36:22]

Speaker: Kelly Goolsby

Oh — I was muted. Sorry about that. Gotta love technical difficulties.

If you don’t mind moving forward a slide — and thank you for giving my voice a moment to rest — let’s dive into solution design and implementation. This is something near and dear to my heart — it’s what my team does. You might think of it as “sales engineering” at some companies. We call it solution architecture.

We’ll start by evaluating your current environment — free of charge. The first question we always ask is: Can we do it? If we can’t deliver a solution, it’s not valuable to you or us, so we evaluate that early.

We’re also happy to review cloud bills. Kyleigh mentioned earlier how cloud billing can lead to unexpected charges. It’s not always that it’s not transparent — it’s just hard to understand until you’re deep in operations.

We’ll assess:

• Licensing — which licenses are portable (e.g., you may have an EA agreement with Microsoft),
• Infrastructure — identifying single points of failure, outdated software, or systems that pose too much risk to migrate as-is,
• Optimization areas — where we can improve architecture, performance, or scalability.
  

We often prepare A/B proposals, which go through a few iterations during the sales process. Once finalized, my team hands off infrastructure specs, diagrams, and calculators to our implementation engineers.

White-glove implementation

As Kyleigh mentioned earlier, implementation is part of our white-glove onboarding experience. This can vary depending on the product — if it’s a single server, the onboarding is lighter. But for multi-server environments or new customers, we assign dedicated engineers to:

• Review the build and ensure accuracy,
• Gather final network details (e.g., VPNs, new locations),
• Adjust configurations as needed — especially for clients who change during the process.

We also have implementation coordinators — essentially project managers — who guide you through the go-live phase. We understand that migration can feel risky, especially when it impacts your own clients. Whether you’re a service provider or a medical/legal practice, communication and planning are key to minimizing downtime.

Our team takes you from a conceptual design — digital now, not paper — to hands-on system deployment.

Migration strategy

We perform hundreds of migrations every year, and no two are alike.

Some clients have no internal IT and rely on a managed service provider (MSP); others have full IT departments. We tailor our support to your setup. In some cases, we’ll involve one of our partners.

No matter who handles the migration, preparation is critical. We walk you through:

• What the migration will look like (runbooks)
• Any required code freezes or database locks
• DNS updates (which can be tricky if admins are no longer around)
• Private network shifts.

For many clients, we handle the data migration ourselves, depending on the platform. Whether it’s us or you moving the data, we’ll walk through:

• Initial syncs
• Site restoration and staging (without updating DNS)
• Validation and testing, including unit and load testing.
  

For example, we recently had a client simulate viral traffic with a full load test. Based on results, we added RAM and spun up another web server. We’re always happy to adjust based on your needs.

Finally, we’ll schedule your cutover — often during low-traffic periods like 3AM over holiday weekends. We ensure dedicated support is scheduled for those windows, just in case anything goes wrong. And yes — with 24/7 support, we can rollback if necessary.

Live Q&A session

[00:42:08]

Speaker: Kyleigh Fitzgerald

Thank you, Kelly. That was incredibly informative, and I appreciate all the real-world examples you shared. It’s clear every customer’s needs are unique, and we’re here to help guide that journey.

Let’s open the floor for some live Q&A before we wrap up with our raffle.

Q: Is the white-glove service included with HIPAA-compliant hosting, or is it an add-on?

Kelly: Great question — yes, white-glove service is included with all product levels. The way we deliver it may vary by product (via chat, tickets, phone, etc.), but onboarding and implementation for most of our HIPAA clients includes the full implementation experience.

There are different service levels. For example, some bare-metal customers don’t want us managing the OS or app layer, which can also help narrow the compliance scope — and we’re fine with that.

Q: What cybersecurity services does Liquid Web provide?

Kelly: We provide multiple layers of cybersecurity services.

1. Baseline hardening – We close unused ports and secure server configurations out of the box.
   
2. Encryption – Encrypted drives are available for most servers, often at no extra charge.
   

In terms of advanced solutions, we work with four core vendors:

• Cloudflare – Our DNS, WAF (Web Application Firewall), and traffic management partner. We’re a Cloudflare Bandwidth Alliance partner and reseller.
  
• CloudLinux & Imunify360 – Offers PHP version control, jail environments, malware scanning, antivirus, and shared-hosting security enhancements.
  
• ThreatDown – A host-based IDS (intrusion detection system) we deploy to secure environments.
  
• Cisco – For firewalls, VPN, and edge security.
  

We also use Acronis for backups and ransomware protection — a strong layer for recovery. You can back up data offsite and roll back if attacked.

And yes — encrypted hard drives are available with HIPAA-compliant servers, usually at no extra cost, unless using certain NVMe configurations.

Additional cybersecurity note from Kelly

I forgot to mention — we’re flexible if you have a preferred security vendor.

If you want to bring in AlienVault for SIEM, Palo Alto for firewalls, or use SonicWall because it integrates with your existing office setup — we’ll work with you. You can even ship us your firewall hardware.

We’re great at accommodating:

• Third-party appliances
• Virtual firewalls
• Custom configurations
  

While we may not manage every device ourselves, we support data center-level logistics, access, and failover. My team can evaluate your needs and help integrate those solutions.

Closing remarks

Speaker: Kyleigh Fitzgerald

Absolutely. We’re here to support you however we can. Everyone has unique needs, and we’re here to meet them.

Before we end — it’s time for the $100 gift card giveaway. Our randomly selected winner is Dirk Desaul (I hope I pronounced that correctly!). We’ll follow up with you, Dirk — thanks for sticking around!

And to everyone else — thank you for joining us, asking great questions, and being part of such a thoughtful dialogue.

We know we’ve covered a lot today, but this is just the beginning. Your business has unique needs, and we’d love the opportunity to help make compliance and off-prem hosting easier for you.

Kelly was kind enough to drop his email in the chat — feel free to reach out to him directly. Or, you can contact us at [email protected].

You can also find us on LinkedIn — feel free to connect with either of us there.

Thanks again, and have a great rest of your day!

Speaker: Kelly Goolsby

Have a good day, everyone. Thanks so much!