Cloud-based Security: Seven Questions You Must Ask
Remember the crash of April 21, 2011? For once it wasn’t the stock market that took a dive, it was Amazon’s EC2 cloud computing service, whose spectacular crash took a number of high-profile websites offline for hours and permanently destroyed some of its client companies’ data. In an instant, the vulnerability of data in the cloud became all-too-painfully obvious, reinforcing observations in a recent Forrester Research report which cited comprehensive security capabilities as the main factor in shifting security from an inhibitor to an enabler of cloud services adoption.
Today, data security and privacy aren’t just about the Fortune 500 and healthcare organizations, or about conforming to HIPAA, PCI-DSS and other compliance mandates. When data is transmitted across wireless networks and public clouds, it is vulnerable to opportunistic and targeted hacks, particularly where personally identifiable information may become exposed to unauthorized entities. No matter the size or nature of your business, you’re required by law in most jurisdictions to make every effort to protect personally identifiable information.
Personally identifiable information that’s transmitted over a customer support channel is subject to the requirements of applicable data protection mandates, so if you’re responsible for that compliance, you need to be sure your vendor has solid data security tools in place. Analyst firm Gartner highlighted the need for a proactive approach to pre-empting security risks in their June report “Assessing the Security Risks of Cloud Computing,” which advises businesses to get a security assessment from a neutral third party before committing to a cloud vendor.
Cloud-based Help Desk Considerations
If you’re considering working with a cloud-based supplier to deliver a remote help desk or customer service solution, you need to be sure the platform you adopt is robust enough to support your operation and protect customer data traversing that platform. Here are seven initial questions you can ask prospective vendors to determine whether the cloud is the right route for your business:
- Who will be responsible for managing your data, and what privileges and access will they have? You need to know as much about these people as you would about your own employees.
- Where will your data be stored, and will your vendor commit to abide by the local privacy requirements for that location?
- How will your data be segregated from other organizations’ data in a multitenancy environment? What access control, authentication, and security audit measures are in place?
- What provisions are in place for disaster recovery and business continuity?
- What will happen to your data in the event of the vendor being acquired? (Customer service operations need to be available 24x7x365.)
- Does the vendor hold any ISO certifications that address data security?
- How are APIs and other application integration technologies, and their related security, handled?
If any of their responses concern you, consider whether a third-party assessment will help to ease your concerns. Be prepared to be tough with vendors – Gartner expects 50% of customer support business to be handled in the cloud by 2015, so cloud really does need to be a solid and mature platform within a few years, and only customer pressure will ensure that happens.
Involve your compliance team in the process, too. When your data is stored in another entity’s facilities, you’re still legally responsible for its safe keeping, and your compliance auditors may need to be able to access and inspect your supplier’s security procedures. If any of your prospective vendors refuse to commit to this level of scrutiny, cross them off your list.
Remember that when you contract with a cloud-based customer service solution provider, you’re entrusting them with the lifeblood of your business – customer data. And not all cloud-based security infrastructures are created equal.
Tim Hillison is VP of global marketing at NTRglobal, a provider of secure cloud-based help desk and ITSM solutions. Monthly guest blogs such as this are part of Talkin' Cloud's annual platinum sponsorship.