Spotting their insecurities: How to pick your Cloud service provider
Moving business applications to the Cloud gives companies of all sizes the ability to exploit an array of strategic benefits. However, with an ever-increasing number of vendors offering a multitude of different products and services, choosing the right Cloud service provider can be tricky.
With Cloud service providers offering better products, increased accessibility and more economical SaaS-based pricing, getting your hands on Cloud applications is easier and cheaper than ever before. And, with faster implementations, you can be up and running using these tools in no time at all.
However, this does not necessarily make the decision-making process involved in selecting the right vendor any easier. It’s still important to do your research and conduct due diligence, particularly into the security of potential Cloud service providers.
In this article, we discuss some of the key factors you must consider when assessing the security of such vendors.
Threats to Cloud security
Concerns over security have traditionally curbed the adoption of Cloud technologies, particularly when large volumes of confidential data are involved.
To an extent, this scepticism still exists today, and high-profile security breaches at some of the world’s largest organisations have done no favours in terms of dispelling these fears.
However, these concerns are surely diminishing, as vendors now offer much more robust solutions that are more resilient to attack. This, combined with the fact that we are becoming increasingly accustomed to using Cloud applications in day-to-day life, means there is growing trust around this technology.
Rather than letting security concerns (many of which are often misconceptions) scare you off from embracing the Cloud, it is important instead to understand the threats posed so that you are better equipped to deal with them. Knowing what threats exist – and highlighting any areas of vulnerability in your business – can help you to mitigate these security risks.
Where is your data being stored?
When it comes to choosing a Cloud service provider, it is crucial that you take into consideration the location of the vendors’ data centres. It is important to evaluate fully the service level agreements (SLAs) provided by potential vendors in order to determine where their data centres are located.
Choosing where data is stored geographically is particularly important for sensitive business applications. As security compliance and regulation can differ drastically from country to country, it is important to be aware of these variances in order to ensure the level of security meets your requirements.
The location chosen can also depend heavily on where the end users of these tools are based, with some businesses preferring to locate their data centres nearby. Catherine Spence of the Open Data Center Alliance (ODCA) advises businesses to ‘look at where your users are. You want to get the best user experience for them.’
When choosing your Cloud service provider, a vendor with previous experience of working with similar-sized businesses, particularly in similar industries, can be massively beneficial.
Having a vendor who not only knows the industry, but is also experienced in implementing solutions for firms within it can be reassuring.
This is particularly important if you are engaged in an industry such as healthcare, government or financial services where proprietary data is extremely sensitive. With these types of organisations, there is likely to be much more stringent regulation around access to data and what can be done with it. Familiarity with these security processes and the previous acquisition of any necessary certifications can therefore result in a much more efficient implementation.
Independent security accreditations
The aforementioned security certifications can be a great way of identifying how robust a Cloud service provider’s security processes are.
It can often be difficult to assess the reliability of a vendor before actually engaging with them, but these independent accreditations aim to improve the transparency between customer and vendor when it comes to data security.
In an effort to standardise the way Cloud service providers’ security is evaluated, the Cloud Security Alliance (CSA) and British Standards Institution (BSI) launched the Security Trust and Assurance Registry (STAR) certification programme back in 2013.
Through this programme, third-party security audits are conducted on any qualifying vendors and, if successful, they can appear on the CSA STAR registry, signalling the integrity of their security protocols to potential customers.
Another important certification to look out for is a Statement on Standards for Attestation Engagements 16 (SSAE 16) certification, which demonstrates that a company’s products, systems and data comply with industry security standards.
Service level agreements
Should the worst happen and a security breach occur, it is crucial that you have reassurances in place from your Cloud service provider.
These provisions can often be found in the vendor’s service level agreement and should outline the steps that will be taken in the event of potential data loss or corruption.
It is important that you negotiate an SLA that works for you and leaves you feeling fully comfortable and reassured about your vendor’s resilience in the event of an attack.