Security is a leading concern in the cloud environment. Fear of data breaches or outages continue to keep executives up at night.
According to Gartner Inc., the market for cloud-security services is expected to reach nearly $4 billion in revenue in 2016, up from $2.1 billion last year. As more businesses move to the cloud, it's essential that companies work with partners that understand best practices of cloud security and provide transparency when it comes to their solutions.
A common question I hear from enterprises today is about the most important criteria when evaluating cloud providers. Many enterprises are still hesitant to partner with an outside vendor due to fear of giving up the control they believe they have over internal systems and data.
Cloud services from high quality providers can actually offer better security than in-house solutions. For example, leaning on a vendor that is dedicated to your business' cloud security, regular maintenance and continual monitoring is an advantage; it allocates resources and attention to the latest cloud technologies and threats - from those who are experts in the space. The key is knowing what to look for, and how to evaluate your cloud services providers.
Here are five simple, but very important elements to consider when reviewing cloud cloud providers:-
1. Vendor ownership and a clear vision around security
Ensure that there is an appointed expert dedicated solely to security, who can answer any questions in a timely fashion. This is a clear indication of commitment to high quality security. You may want to proceed with caution if you hear statements from the vendor like, "Our Head of Sales or CTO also functions as the Head of Security." This is a red flag that the vendor doesn't place a high enough for on the importance of security.
2. Experience and honesty
A well experienced cloud provider has probably suffered from past failures or a near miss at some point in its history. Vendors with experience - and maybe some scars - tend to make more informed decisions, choose the right technologies for integration, and therefore, will probably have a higher success rate than others. When you are talking about securing your most valuable assets, this becomes extremely important. The value of learning from previous mistakes cannot be underestimated.
3. What's behind the curtain?
Avoid vendors that lack transparency and don't allow you to look "behind the curtain." Of course it's not scalable for most cloud providers to give tours around their data centre, and it is also not very wise to expose firewall configurations or code to anyone who asks. Regardless, there should be plenty a cloud vendor can confidently share with you without compromising its security.
Look for cloud vendors that have nothing to hide - those who are willing to:
- Share third-party audit reports
- Offer details about recent penetration testing
- Provide you with a test account to run your own security tests
- Talk about the secure coding methodologies they use.
4. Detailed security model
You learn a lot about the maturity level of service providers by observing and analysing responses to your questions. In addition to the willingness to share what's behind the curtain, it's important to look at the nature of response and ask yourself: how comprehensive is it? Do they have readily-available security documentation that addresses your key questions in detail? Good answers should include a detailed response, and when possible, refer you to an audit report or international standard that they adhere to and backs up their statement (e.g. CSA, ISO 27001, PCI, etc).
5. Commitment to you
In every strong, long-term relationship, there must be some level of commitment made on both sides of the table. Always look for cloud vendors that are willing to commit both to a well defined SLA and set of standards. It's also important, especially when stakes are high, to have a partner who is willing to accept ongoing input and allows you to have an influence on their security roadmap.
By partnering with vendors who provide you with a strong commitment and high level of transparency, the trust in your cloud security will grow and you'll be free to focus on your business and serving your customers.
Dustin Dean is Vice President, GM for JAPAC at LivePerson
