Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Big DataCloud ComputingITRisk Management

Ensuring Cloud Vendor Security Transparency in the Age of Data Breaches

onlinetech
onlinetech
3 Min Read
network security credentials to stop data breaches
Shutterstock Photo License - Sergey Nivens

Gartner recently released recommendations for gaining transparency into cloud software as a service (SaaS) contracts – including emphasis on annual security audits and certification by a third party to verify a cloud vendor’s operating/product security.

Gartner also recommends that contracts allow for an option to terminate the agreement in the event of a security breach if the provider fails on any material measure. Gartner’s report, Cloud Contracts Need Security Service Levels to Better Manage Risk reveals that 80 percent of IT procurement professionals will remain dissatisfied with SaaS contract language and protections that relate to security over the next two years.

“We continue to see frustration among cloud services users over the form and degree of transparency they are able to obtain from prospective and current service providers,” said Alexa Bona, vice president and analyst at Gartner.

So how can you maintain complete transparency into your cloud service provider’s ability to provide ongoing secure services? The following is relevant to cloud infrastructure as a service (IaaS) providers that may offer services to other software as a service (SaaS) providers:

More Read

remote IT support
Rapidly Growing Business Benefits Of Data-Driven Remote IT Support
Bob Gourley’s 2012 Outlook: “Expect Disruptions”
The Role of Data in Shaping the Future of Business in Mayfair
Consolidate Your Software Spend Data For Better IT Budget Planning
The Role Of Big Data In Setting WordPress Safety Trends In 2020
  • Check compliance audit reports. The list of security audits that should be conducted by an independent third-party auditor at least annually is a long one – it just depends what you’re looking for and what industry you’re in. Take this Data Center Audits Cheat Sheet with you to your data center visit.
  • Visit the actual data center. Verify your cloud service provider owns and operates their facilities, and then schedule a tour to check out their physical and technical security. Talk to their staff and ensure they’ve been trained to handle sensitive data, as well as their policies around access.
  • Compare industry compliance requirements with their offering.  Knowing who’s responsible for what clears up any gaps in your overall security, and clarifying what they offer and don’t also gives you insight into the scope of their services.
  • Find out what their breach notification policies are. Ask if the clause includes a standard notification policy if they discover a breach, and what the procedure involves after the event. Get your team involved to manage their end and ensure contacts are identified.
  • Invest in Third Party Risk Tools. The right software tools can help mitigate third- and even fourth-party data breaches.

Gaining transparency into your cloud provider’s environment may take more upfront work on your organization’s part, but it could be worth it in the end – the Ponemon Institute revealed that the cost of a data breach is rising across the globe in 2013 Cost of Data Breach Study: Global Analysis (PDF).

TAGGED:
Share This Article

Follow us on Facebook

Latest News

street address database
Why Data-Driven Companies Rely on Accurate Street Address Databases
Big Data Exclusive
predictive analytics risk management
How Predictive Analytics Is Redefining Risk Management Across Industries
Analytics Exclusive Predictive Analytics
data analytics and gold trading
Data Analytics and the New Era of Gold Trading
Analytics Big Data Exclusive
student learning AI
Advanced Degrees Still Matter in an AI-Driven Job Market
Artificial Intelligence Exclusive

Stay Connected

You Might also Like