How to Assess Your Critical Cloud Service Providers

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
Next How to Assess Your Critical Cloud Service Providers-9 Next

Define Notification Timeframes

Many regulatory requirements dictate that if a company loses consumer data (i.e., cardholder information, private transactions, social security numbers, etc.), the company is obligated under law to notify the affected customer. However, the CSP is the party that needs to be the first to recognize that information has been compromised and report it.

Unfortunately, CSPs tend to be cautious about notifying customers about lost PII (personally identifiable information), so it is vital that your company defines specific customer-notification timeframes and outlines exactly what should trigger these alerts. Warnings could include mishaps such as data found in a public space, unavailable systems, systems outside of trusted networks, and corrupted data. Notifications are critical, as virtually every type of data compromise companies experience today can lead to harrowing consequences for customers — fraud, identity theft, blackmail hacking, or worse. Additionally, it is important to explicitly dictate that the CSP must alert your company when there is even a suspicion of a breach or similar event. This can be an expensive and time-intensive, yet necessary process. Thus, the guidelines should be fair and state that this level of notification is only required when the CSP has a probable reason to believe data has been compromised.

Previously, MetricStream's David Williamson shared best practices for how companies can keep their cloud technologies secure, including:

  • Prioritizing the value of your data (whether public or private).
  • Considering the different ways a loss event may impact your organization.
  • Monitoring and managing your third-party relationships with specific loss prevention protocols.
  • Testing your network for weaknesses, and addressing them swiftly.
  • Dedicating resources for information stewardship.

According to the Global State of Information Survey led by PwC US in conjunction with CIO Magazine and CSO Magazine, of 10,000 IT and security decision-makers in 127 nations, 69 percent of respondents use cloud-based security services. This number reflects that the cloud has not only proliferated, but has become a staple in the enterprise IT strategy. Given the survey results, which reveal increasing and continued growth of cloud adoption, Williamson has outlined five best practice guidelines for how companies can assess the capabilities of their critical cloud service providers (CSP).


Related Topics : IBM Looks to Redefine Industry Standard Servers, APC, Brocade, Citrix Systems, Data Center

More Slideshows

Holiday20-190x128 5 Ways to Protect Your Data Center from a 'Zombie' Server Attack

It's easy to forget about the ghosts of servers past that are hiding in the background, continuing to consume electricity and potentially exposing organizations to malicious attacks. ...  More >>

cloud50-190x128.jpg How to Use the Cloud to Become a High-Velocity Business

Cloud SaaS adoption allows organizations to gain the flexibility and scalability necessary for creating a high-velocity business. ...  More >>

DynCloudInternetVisibility0x 8 Reasons the Enterprise Needs More Visibility into the Cloud

IT executives need the right tools to monitor and control their cloud infrastructure to maximize the positive impacts and mitigate security threats. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.