Most enterprise companies and many small to mid-sized businesses (SMBs) have embraced some level of cloud adoption, and for good reason—smart use of cloud applications can help businesses streamline processes, improve efficiency and stay relevant in today’s digital marketplace. However, in this race to the cloud, companies, regardless of size, must vet potential cloud service providers (CSPs) before engaging in business with them. Let’s examine the data on the state of cloud computing today and discuss five best practice guidelines for assessing the abilities and business-fit of CSPs.
The State of Cloud Computing Today
More than 82% of enterprises reported having a hybrid cloud strategy in 2015, up from 74% in 2014, according to a study published by cloud automation vendor RightScale. In addition, according to research from Compass Intelligence, 78% of the U.S. SMB market is projected to have fully adopted cloud computing by 2020—more than double the 37% that was realized in 2015.
Cloud has become a business staple, and there’s ample data to support that assertion. For example, PwC (in conjunction with CIO and CSO magazines) recently released its Global State of Information Security Survey 2016. In the survey of over 10,000 IT and security decision makers from 127 nations, 69% reported using cloud-based services.
Those same industry leaders also reported being highly focused on information security, significantly increasing their year-over-year spending in that area—a budgetary increase of a substantial 24% in 2015, to be exact. The survey responses also prove that a focus on cybersecurity in the enterprise extends beyond budgets: Some 65% of respondents said they were willing to collaborate to improve cybersecurity, and 59% had plans to leverage big data to improve their security efforts. Security, then, is clearly a priority.
Time to Assess Your CSP? Start Here
Undoubtedly, if you are reading this blog, you’re among those in the early evaluation stage of a move to the cloud. What is clear from these statistics is that you’re not alone. Countless other businesses are in the same position, and rushing into things is not the best approach.
Use the five suggestions below to ensure a smooth transition to the cloud, with support from the right provider, one that has your business interests in mind.
- Carefully compare your needs to the services offered by the prospective CSP. This step is crucial to making sure you’re getting what you need (and are not paying for things you don’t).
- Make sure you know who will control your data, where it will be stored, and how you’ll get it back if the contract is terminated. The storage aspect of this step is of particular importance: If you’re dealing with a large CSP with a “follow-the-sun” operation, your data could be processed in countries that are not governed by the Data Protection Act of 1998 or the Safe Harbor Agreement and are not otherwise recognized as countries of adequacy. In other words, your data could be at risk from the moment it leaves your hands.
- Understand how much information assurance your data warrants. To approach this thoroughly, take a close look at what’s required in terms of confidentiality, integrity, and availability, the three main tenets of the information security triad. From a privacy perspective, ask yourself what level of protection—encryption, for example—your data requires both in transit and at rest, and ensure the CSP in question can deliver. Next, examine the integrity of the CSP (the more, the better) and how available you need your data to be. All of these expectations should be clearly outlined in service level agreements (SLAs) with your CSP—more on that below.
- Take steps to ensure your data is segregated. Make sure to ask your CSP how your data will be securely isolated from their other customer environments, and note how (and which) CSP personnel will be able to access your information, and how that access is protected and restricted.
- Don’t overlook the billing method. Utility billing (paying for utilization vs. a flat monthly rate) is a common billing methodology for CSPs. It is popular, and rightfully so. It can lead to unpleasant surprises, however, if your utilization is higher than originally expected. For some, the consistent, predictable nature of a flat monthly rate is preferred.
Choose a Provider? Now, Pay Attention to SLAs
Once a CSP has been selected, it’s imperative to make sure any SLAs are comprehensive, covering the required service uptime criteria for data availability, the storage and delivery of data relative to relevant standards (like PCI-DSS) and the terms surrounding contract termination.
Note that it’s also important to quantify the risks of hiring the CSP by performing a comprehensive analysis of the price (figuratively and literally) accompanying the loss of your data’s confidentiality, integrity and availability (CIA). Coming face-to-face with the consequences of poor CSP security, even hypothetically, should provide proof of just how necessary it is to assess prospective CSPs using the five best practice guidelines above.