Why can’t all cloud providers deliver adequate security?

Share this post:

IT security is a top priority for most CIOs. After all, gaps in infrastructure could leave their companies and customers vulnerable to attacks.

So when evaluating a cloud managed services provider, asking the right security questions can be critical in determining if the solution is a good fit. Choosing a cloud solution that meets a company’s unique requirements can help reduce operational costs and drive innovation while enhancing security.

With this in mind,  our IBM cloud security experts highlight six question in this short webcast that, when asked, can help you decide whether a cloud service provider can meet your security requirements.

A focus on security

Cloud managed services provider questions

Source: Redefining Connections: Insights from the Global C-Suite Study – The CIO Perspective, IBM Institute of Business Value, 2016

A recent study conducted by IBM found that 76 percent of CIOs consider IT security their biggest risk. It was far and away the top response.

To avoid potential problems, a cloud managed services provider should incorporate built-in security layers at every level from the data center to the operating system, delivering a fully-configured solution with industry-leading physical security and regular vulnerability scans performed by highly-skilled specialists.

Questions to ask

When deciding whether a cloud managed services provider can meet your security requirements, start with these questions:

1. Who is responsible for security?

The answer may not be as obvious as you think.

Some cloud managed services providers might not take the full responsibility of maintaining a security-rich environment for your data. After they provide the hardware, the security and compliance responsibilities could rest with you. Also, some providers may require an agreement stipulating that your company is responsible for anything you do on your system that might affect your “neighbors” on that same cloud infrastructure.

Choose a cloud managed services provider capable of taking full responsibility for the security of the infrastructure rather than placing the onus on  your company or a third party.

Be certain that your data is managed with the same tools, standards and processes that the provider uses for its own systems.  To avoid confusion that can lead to serious issues later on, make sure this division of responsibility is clearly defined in your agreement with the provider.

2. How do I know security is adequate?

Your cloud solution should be able to help you manage regulatory compliance standards. While some providers may use certifications as a way of demonstrating security, it’s important to know what you’re looking at. Some certifications may cover only certain services or locations.

Choose a cloud managed services provider that covers the security of the entire infrastructure as well as policies and procedures. The security section of the IBM Cloud Managed Services Comparison Guide includes a list of certifications you may want to look for when evaluating cloud providers.

3. What if something goes wrong?

Quick recovery after a disaster is crucial to your business operations. Failure to properly handle outages can lead to lost revenue, productivity challenges and a damaged reputation with your customers.

Choose a managed cloud hosting solution that includes offsite disaster recovery options to help you get back online quickly.  Make sure your agreement includes production-level service level agreements (SLAs) and regular testing of emergency backup options.

To learn more about what to ask and listen for when deciding whether a cloud service provider can meet your security requirements, get the Comparison Guide.

More Security stories

French insurer teams with IBM Services to develop fraud detection solution

Auto insurance fraud costs companies billions of dollars every year. Those losses trickle down to policyholders who absorb some of that risk in policy rate increases. Thélem assurances, a French property and casualty insurer whose motto is “Thélem innovates for you”, has launched an artificial intelligence program, prioritizing a fraud detection use case as its […]

Continue reading

Cloud innovation in real estate: Apleona and IBM rely on new technologies

Digitization does not stop at the proverbial concrete gold — real estate. In fact, the real estate industry is on the move. Companies are realizing the benefits of digital transformation and are capitalizing on the power of new technologies such as cloud, AI and blockchain. Take, for example, Apleona GmbH, one of Europe’s largest real […]

Continue reading

Innovate with Enterprise Design Thinking in the IBM Garage

We’ve all been there. You have an amazing idea that’s really exciting. Maybe it’s a home improvement project, or perhaps it’s a new business idea. You think about all the details required to make it real. But, once you get to the seventh action item, you’re not so excited anymore. Sometimes when we realize the […]

Continue reading