dcsimg

How to Assess Your Critical Cloud Service Providers

  • How to Assess Your Critical Cloud Service Providers-

    Define Clear SLAs: CIA

    Step 1: Confidentiality, Integrity, Availability (CIA)

    The first thing to keep in mind when defining a service level agreement (SLA) with a cloud service provider is to understand the respective rights and responsibilities for the confidentiality, integrity and availability (CIA) of company data. Also referred to as the CIA triad, this is a standard that guides information security policies within the organization. Confidentiality maps to breaches, integrity to corruption/malware, and availability to downtime issues. The CIA structure is how information security professionals recognize the responsibilities for protecting data.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13

How to Assess Your Critical Cloud Service Providers

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
  • How to Assess Your Critical Cloud Service Providers-2

    Define Clear SLAs: CIA

    Step 1: Confidentiality, Integrity, Availability (CIA)

    The first thing to keep in mind when defining a service level agreement (SLA) with a cloud service provider is to understand the respective rights and responsibilities for the confidentiality, integrity and availability (CIA) of company data. Also referred to as the CIA triad, this is a standard that guides information security policies within the organization. Confidentiality maps to breaches, integrity to corruption/malware, and availability to downtime issues. The CIA structure is how information security professionals recognize the responsibilities for protecting data.

Previously, MetricStream's David Williamson shared best practices for how companies can keep their cloud technologies secure, including:

  • Prioritizing the value of your data (whether public or private).
  • Considering the different ways a loss event may impact your organization.
  • Monitoring and managing your third-party relationships with specific loss prevention protocols.
  • Testing your network for weaknesses, and addressing them swiftly.
  • Dedicating resources for information stewardship.

According to the Global State of Information Survey led by PwC US in conjunction with CIO Magazine and CSO Magazine, of 10,000 IT and security decision-makers in 127 nations, 69 percent of respondents use cloud-based security services. This number reflects that the cloud has not only proliferated, but has become a staple in the enterprise IT strategy. Given the survey results, which reveal increasing and continued growth of cloud adoption, Williamson has outlined five best practice guidelines for how companies can assess the capabilities of their critical cloud service providers (CSP).