dcsimg

How to Assess Your Critical Cloud Service Providers

  • How to Assess Your Critical Cloud Service Providers-

    Define Clear SLAs: Data Supply Chain

    Step 4: Data Supply Chain

    In today’s business landscape, supplier channels are vast, global, and continue to grow in complexity. Often, your vendor relies upon its own set of vendors, who rely upon more vendors, and so on, calling into question which entity is responsible for maintaining the integrity and security of your data. For instance, your organization, “Company X,” may have a relationship with a CSP like Amazon. Then, Amazon might be affiliated with “Company Y” who hosts the physical infrastructure or data warehouses. It is important that “Company X” recognizes that Amazon also depends on its third-party relationship, so in the event of failure, it can be difficult to fix responsibility on one party. With this gray area, it is highly recommended that any company that evaluates the security of a potential CSP read the fine print and ensure contractual agreements specifically say that it (the CSP) is responsible for the actions of all of its suppliers. 

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13

How to Assess Your Critical Cloud Service Providers

  • 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13
  • How to Assess Your Critical Cloud Service Providers-5

    Define Clear SLAs: Data Supply Chain

    Step 4: Data Supply Chain

    In today’s business landscape, supplier channels are vast, global, and continue to grow in complexity. Often, your vendor relies upon its own set of vendors, who rely upon more vendors, and so on, calling into question which entity is responsible for maintaining the integrity and security of your data. For instance, your organization, “Company X,” may have a relationship with a CSP like Amazon. Then, Amazon might be affiliated with “Company Y” who hosts the physical infrastructure or data warehouses. It is important that “Company X” recognizes that Amazon also depends on its third-party relationship, so in the event of failure, it can be difficult to fix responsibility on one party. With this gray area, it is highly recommended that any company that evaluates the security of a potential CSP read the fine print and ensure contractual agreements specifically say that it (the CSP) is responsible for the actions of all of its suppliers. 

Previously, MetricStream's David Williamson shared best practices for how companies can keep their cloud technologies secure, including:

  • Prioritizing the value of your data (whether public or private).
  • Considering the different ways a loss event may impact your organization.
  • Monitoring and managing your third-party relationships with specific loss prevention protocols.
  • Testing your network for weaknesses, and addressing them swiftly.
  • Dedicating resources for information stewardship.

According to the Global State of Information Survey led by PwC US in conjunction with CIO Magazine and CSO Magazine, of 10,000 IT and security decision-makers in 127 nations, 69 percent of respondents use cloud-based security services. This number reflects that the cloud has not only proliferated, but has become a staple in the enterprise IT strategy. Given the survey results, which reveal increasing and continued growth of cloud adoption, Williamson has outlined five best practice guidelines for how companies can assess the capabilities of their critical cloud service providers (CSP).