What Does Your CSP Really Know About Cloud Best Practices?
October 10 by Brian Scandariato
The cloud is the place to be. Gartner reports that over $1 trillion in IT spending will be affected by the cloud during the next five years, and worldwide spending on public cloud services will grow to $246.8 billion in 2017. Facts like these are why 74% of CFOs say cloud computing will have the biggest impact on their business this year.
It comes as no surprise then that a wide array of Cloud Service Providers (CSPs) are vying to meet the demand. According to our own research, an estimated 75% of businesses that use at least one cloud outsource various IT responsibilities to a managed services provider.
But with the rise of cyber attacks, you need to be fully confident in your CSP’s ability to protect you in the cloud. This requires your CSP to measure up in several key areas. Here are 3 and how HOSTING approaches each.
1. Risk management and compliance
Many CSPs claim full compliance with HIPAA, PCI and other standards, but just how much responsibility do they really take for these claims? To minimize your risk, it’s critical that accountability is clearly defined.
Ask for proof of certifications and success meeting compliance obligations. At HOSTING; for example, we back all our services (colocation, cloud and managed servers) by our 100% audit assurance guarantee. We are, in fact, the only MSP to achieve full PCI/DSS, HIPAA/HITECH and SOC ⅔ compliance on all platform types.
2. Infrastructure management
Managing a cloud or hybrid infrastructure introduces new complexities and security vulnerabilities. Careful consideration must be given to best practices in all environments — whether public cloud, private cloud, multi-cloud, hybrid or hybrid multi-cloud.
While cloud platforms such as AWS and Azure are known for their flexibility and scalability, they fall short when it comes to delivering value-added security, compliance and support. In contrast, the approach at HOSTING is to combine the elasticity of these cloud services with customized, expert-driven managed services.
We offer unified system administration, security, DR, networking and application across all leading public and private cloud platforms. The advantage is end-to-end support and visibility through a single source — without expensive infrastructure costs or distractions from your core business.
One point that’s easy to overlook when moving to the cloud is the shared security model offered by many CSPs. Essentially, this involves allocating responsibility for security controls across several different entities including you — the customer.
Before contracting with a CSP, be sure to identify who’s responsible for providing the security controls required by your specific compliance mandate. The last thing you want to happen after an infraction is to discover a control you thought your CSP covered was actually your responsibility.
To avoid this scenario, reference your regulatory framework to draw up a comprehensive list of security controls. From a responsibility standpoint, here’s a shortlist of security functions we cover at HOSTING:
Physical control of facilities and access
Encryption, data and network communication
Network security (firewall configuration and management, log management, IDS, web application firewalls, etc)
File integrity monitoring
Customer code security review
GRC (governance, risk management and compliance tracking)
Put Cloud Best Practices to Work
Moving to the cloud can reduce costs, improve service levels and drive growth — assuming you’re able to put cloud best practices to work for you. Consistently recognized by Gartner for inclusion in its annual Magic Quadrant for Cloud-Enabled Managed Hosting, HOSTING stands out for its ability to execute and completeness of vision. Contact us to learn about our best practices-based approach to cloud services.