IT security is a top priority for most CIOs. After all, gaps in infrastructure could leave their companies and customers vulnerable to attacks.
So when evaluating a cloud managed services provider, asking the right security questions can be critical in determining if the solution is a good fit. Choosing a cloud solution that meets a company’s unique requirements can help reduce operational costs and drive innovation while enhancing security.
With this in mind, our IBM cloud security experts highlight six question in this short webcast that, when asked, can help you decide whether a cloud service provider can meet your security requirements.
A focus on security
Source: Redefining Connections: Insights from the Global C-Suite Study – The CIO Perspective, IBM Institute of Business Value, 2016
A recent study conducted by IBM found that 76 percent of CIOs consider IT security their biggest risk. It was far and away the top response.
To avoid potential problems, a cloud managed services provider should incorporate built-in security layers at every level from the data center to the operating system, delivering a fully-configured solution with industry-leading physical security and regular vulnerability scans performed by highly-skilled specialists.
Questions to ask
When deciding whether a cloud managed services provider can meet your security requirements, start with these questions:
1. Who is responsible for security?
The answer may not be as obvious as you think.
Some cloud managed services providers might not take the full responsibility of maintaining a security-rich environment for your data. After they provide the hardware, the security and compliance responsibilities could rest with you. Also, some providers may require an agreement stipulating that your company is responsible for anything you do on your system that might affect your “neighbors” on that same cloud infrastructure.
Choose a cloud managed services provider capable of taking full responsibility for the security of the infrastructure rather than placing the onus on your company or a third party.
Be certain that your data is managed with the same tools, standards and processes that the provider uses for its own systems. To avoid confusion that can lead to serious issues later on, make sure this division of responsibility is clearly defined in your agreement with the provider.
2. How do I know security is adequate?
Your cloud solution should be able to help you manage regulatory compliance standards. While some providers may use certifications as a way of demonstrating security, it’s important to know what you’re looking at. Some certifications may cover only certain services or locations.
Choose a cloud managed services provider that covers the security of the entire infrastructure as well as policies and procedures. The security section of the IBM Cloud Managed Services Comparison Guide includes a list of certifications you may want to look for when evaluating cloud providers.
3. What if something goes wrong?
Quick recovery after a disaster is crucial to your business operations. Failure to properly handle outages can lead to lost revenue, productivity challenges and a damaged reputation with your customers.
Choose a managed cloud hosting solution that includes offsite disaster recovery options to help you get back online quickly. Make sure your agreement includes production-level service level agreements (SLAs) and regular testing of emergency backup options.
To learn more about what to ask and listen for when deciding whether a cloud service provider can meet your security requirements, register for the webcast, “Six questions every CIO should ask about cloud security.”
The post Why can’t all cloud providers deliver adequate security? appeared first on #Cloud computing news.
Quelle: Thoughts on Cloud
Published by