Help Your Clients Vet Their Cloud Vendors–and Offer Them a Valuable Service, Too

There’s a great scene in the Harrison Ford movie Clear and Present Danger, where the chief bad guy meets with his head of intelligence to get answers about who is disrupting his bad-guy business, and why. “Who is doing this to me?” he demands.

When the intelligence officer begins, “If I were to guess…” the chief bad guy cuts him off: “No. That is not why I pay you, to guess. I can guess.”

Fortunately, your clients have you as their head of intelligence for major technology and infrastructure decisions. You help steer them to the best solutions for their specific needs and budget. So when it comes making smart decisions for their large-scale IT implementations, they don’t have to guess.

But what about all of the smaller decisions your clients are making every day about which cloud tools and apps to use for transmitting and storing corporate data? Are those cloud tools secure? Can the data on those vendors’ clouds be retrieved if something goes wrong? Are the vendors themselves solvent?

Another way you can show real value to your clients

You can show additional value to your clients in two ways here. First, you can alert them to the fact that their employees are almost certainly using more cloud-based apps than the IT team is aware of–and transmitting and storing business-critical data with those tools. (This Cloud Security Alliance study, for example, found that employees are using an average of 500 cloud apps at a typical enterprise. The same companies’ IT teams estimate they’re using only 50.)

This should spur your clients to implement enterprisewide policies and procedures to ensure employees use only IT-approved cloud services when dealing with company data.

Second, once your clients have established such a policy companywide, you can then help them determine which cloud vendors to put on their approved list, by arming them with the right questions to ask any would-be cloud provider.

Here are five questions to suggest your clients ask potential cloud vendors before allowing employees to use cloud tools:

1. Does your app encrypt our data while it’s stored on your cloud?

This might surprise you, but fewer than one in 10 cloud vendors will encrypt customer data at rest, as part of its standard operating procedure. That’s the finding of a study conducted by cloud security firm SkyHigh Networks.

So your clients cannot simply assume that a cloud vendor–even an established, well-regarded company–will be protecting their data at all times. Most won’t.

2. Do you have a disaster recovery plan for our data?

Consider this horror story, reported in CIO Magazine. Code Spaces, a hosting company for coders to store their data, was hacked in 2014. That was bad enough. But because Code Spaces failed to implement a disaster recovery plan, the company was unable to restore its customers’ data. It was simply lost forever.

Before they entrust their corporate data to any cloud service, your clients need to know whether that vendor has a disaster recovery plan in place to recover data lost due to theft, natural disaster or human error. Many do not.

3. Have you earned certifications for security and compliance?

Here your clients should be looking for independent, third-party verification that the vendor has built successful processes for managing and protecting its customers’ data.

Your clients should ask cloud vendors, for example, if they have been certified as PCI-DSS compliant, and if they have been tested against the best practices of the ISO-27002:2013 standards for information security management.

If your clients are in a heavily regulated industry, they should work only with cloud vendors whose tools and apps are compliant with data privacy regulations such as HIPAA and GLBA.

4. What physical security measures do you have at your data centers?

In addition to the technological and procedural security measures we’ve been discussing so far, your clients should also demand strong physical security protocols from any cloud vendor that will be storing their data.

Here they should be asking about security guards at the cloud vendor’s data centers, for example, whether the facility is protected by badge-restricted access, and whether the site is under constant video surveillance.

Your clients should also demand data storage redundancy, where their data will always reside in at least two separate locations–just in case one of the data centers suffers a disaster or downtime.

5. Are you financially stable?

Your clients might find it difficult to get an answer to this question, especially if the vendor is not public and does not legally have to disclose its finances. So you can suggest they ask related questions, like how long the company has been in business, where they receive funding, and whether they will share a client list.

If you’re wondering why this is so important, consider another horror story also reported in CIO Magazine.

Without any warning, in 2013 cloud storage provider Nirvanix alerted its enterprise customers that it was going out of business–and gave them just two weeks to remove all of their data from the Nirvanix cloud.

Many customers argued that given their own networks’ bandwidth limitations, they would not be able to pull down their data in time. But that didn’t matter–the company shut down completely a few weeks later.

That’s why your clients need to know the stability of any cloud vendor before they let their employees use its services to store important or proprietary data.

For cloud faxing, you can trust industry leader eFax Corporate

For the data your clients transmit by fax (and for inbound and outbound faxes their organizations need to archive for record-keeping and audit purposes), you can offer them a proven, highly trusted vendor that checks all of these and other important boxes. That service is cloud fax leader eFax Corporate.

Our fax-by-email service for enterprises is built on a highly secure, redundant network–which can enhance your clients’ fax security and regulatory compliance while at the same allowing their IT teams to outsource their entire fax infrastructure to a trusted cloud provider.

Become an Authorized eFax Corporate Partner

And you can now offer this leading cloud fax solution to your clients, through our high-touch, lucrative Partner Program. Please visit our eFax Corporate Partner Page to learn more.

Currently responsible for the Enterprise Partner Program for j2 Cloud Services, Peter Ely is a 27-year technology veteran, having held senior executive positions looking after presales support, product management,  product marketing and technical evangelist teams in the telecommunications and data networking arenas in positions located across two continents and three countries.