Another important factor to keep in mind when negotiating an agreement is identifying the location of your data. Back when companies had physical assets (i.e., file folders), knowing the location of data was a non-issue. Now, a piece of information may start its life in a box, but as it goes through automation processes, it can be backed up to a server anywhere in the world. This presents an issue for many legal organizations, such as the European Economic Community (EEC), which does not allow confidential data about its citizens to leave the EU. Because this guarantee can be difficult for a CSP to provide, organizations must proactively inquire about and address this issue when developing the SLA.
Prioritizing the value of your data (whether public or private).
Considering the different ways a loss event may impact your organization.
Monitoring and managing your third-party relationships with specific loss prevention protocols.
Testing your network for weaknesses, and addressing them swiftly.
Dedicating resources for information stewardship.
According to the Global State of Information Survey led by PwC US in conjunction with CIO Magazine and CSO Magazine, of 10,000 IT and security decision-makers in 127 nations, 69 percent of respondents use cloud-based security services. This number reflects that the cloud has not only proliferated, but has become a staple in the enterprise IT strategy. Given the survey results, which reveal increasing and continued growth of cloud adoption, Williamson has outlined five best practice guidelines for how companies can assess the capabilities of their critical cloud service providers (CSP).