From: Wall Street Journal/CIO Journal
by Charles Weaver, Guest Contributor
With the adoption of cloud computing accelerating, there is now an urgent need for a globally accepted, universal standard and code of behavior for service providers delivering these solutions.
Today, the cloud is unregulated. It actually takes more licensing, oversight and continuing education to cut and style hair than it does to manage data in the cloud.
According to Ed Ferrara, principal security analyst with Forrester Research, “understanding the cloud provider’s underlying capabilities, resources, security processes and safeguards, as well as the provider’s overall financial health will be very important for organizations who want to safely and successfully utilize cloud computing.”
Despite the absence of governmental laws or regulatory safeguards for small, medium and large businesses that rely on third parties for IT and cloud services, it is important to ask your cloud provider for their credentials.
Industry-wide, cross-border standards for evaluating a cloud provider are crucial to protecting businesses’ safety and privacy.
Standardized due diligence on every cloud or outsourced IT relationship must be made available–and accepted–on a worldwide scale. Cloud and Managed Service Provider (MSP) certifications, as opposed to vendor specific certifications, are a first step and currently a very useful tool in helping customers know precisely with whom they are dealing in terms of infrastructure, resources, capabilities, financial health, as well as many other requisite characteristics.
Until we have an industry-wide standard, and before investing time or money – or entrusting your organization to any cloud or managed service provider – make sure you address the following:
Financial Health. Years ago, MSPs went out of business not because they were technically deficient, but because they had poor financial health. Knowing the financial stability of your cloud provider (especially in this global economy) is very important, unless you want to end up with your data stuck in the cloud unprotected and inaccessible.
Infrastructure Control. Ownership of infrastructure is only one aspect of control. Chances are, your cloud provider may not own the infrastructure they use and operate on your behalf. Find out. Control of infrastructure is directly related to your data’s security and availability.
Third Party Access. Does your provider allow third parties to access your cloud? Just like doctor referrals, cloud providers often seek help from third parties. This is fine, as long as these relationships are disclosed, and all these providers adhere to the same standards and level of accountability.
Data location. Cloud computing takes your physical infrastructure and moves it into the cloud. Pretty simple. But where is that cloud? Where your cloud resides will determine what laws apply to it. Concerned about your data security and privacy?
You need to know what laws govern your cloud, and that means you need to know where your cloud resides.
Accountability. With so many providers touching your cloud, how do you know who is ultimately responsible?
Organizations must have a primary partner and point of contact when there are issues with their cloud environment. Inevitably, service providers will begin pointing fingers and blaming each other while you sit in limbo. Having solid SLAs and service agreements is obvious, but you also need to know who, in the potential multitude of service providers, is at the end of the day responsible and accountable for your data.
There is no arguing the myriad advantages of cloud computing. However, until the world adopts a uniform standard, you need to ask the right questions to protect your organization’s data and reputation.
Charles Weaver, JD is CEO of the International Association of Cloud and Managed Service Providers (MSPAlliance), a 15,000 member certifying and standards-based body. The MSPAlliance (www.MSPAlliance.com) certifies and audits cloud and managed services organizations using its trademarked Unified Certification Standard (UCS).
Leave a Reply