
 
 

Herb Prooy, CEO, SaaSplaza

Cloud Confusion: How Can It Be Completely Available and Completely Secure?



Security is a trade-off. E.g., security at the airport means more time in screening lines. And if what you’re after is easier access—to the airport, a facility, an information system, anything—then the trade-off is typically less security.

So when it comes to Cloud security, it seems impossible that the Cloud can concurrently deliver both increases in system security and in system availability. But, in truth, it’s more than possible; it’s actual and it’s certifiable.

Certifiable in that there exist third-party audits that run through a series of controls designed to test both a Cloud platform’s availability and security and, ideally, the security of the Cloud provider as well. Passing these controls results in reports being granted that say to the world, “Not only is this solution safe… it works, too.”

Now this is said with a nudge and a wink as the rub against the Cloud is sometimes that it works well… when it works at all. But when your Cloud provider can share with you its actual security and availability audits—formerly SAS-70, and now SSAE-16 (US) and ISAE-3402 (Europe)—it can demonstrate beyond a doubt that its platform, processes, and people have passed the most stringent security and availability tests there are.

The catch is twofold as you must ensure 1) that these audits are done by a third party (for example, with SaaSplaza, we retain PwC), and 2) that they pertain to your Cloud provider itself, and not just the Cloud data center it may use. Many providers will claim they’re “SSAE certified!” when in fact no audit has been done on the provider itself. (Talk about taking credit where credit is definitely not due!)

Ask to see the audit report. Most Cloud providers should have it readily available for Partners or end-users to review. In it, you’ll find dozens of controls that are likely to address your exact concerns.

For example, a concern such as “Who has access to the data center?” would be addressed by a control that demonstrates access to the data center is restricted to a group of FTEs and a key-card system with biometrics. And this is not merely something that is said: it is something that can be proven and verified.

Regarding availability, a concern such as, “What happens should the system crash?” would be addressed by a control that demonstrates, tests, and proves that back-ups of physical and logical disks are done daily. Again, this would be a control that is viewable and verified.

Note that it’s extremely rare to find any kind of on-premise solution or provider that offers the levels of security and availability assurance that today’s top Cloud providers offer. Perhaps it’s because Cloud ERP providers understand the objections better than anyone—e.g., “Is it safe?”—and are therefore best-suited and most-willing to take (and pay for: 3rd party audit reports aren’t free!) the extra steps to give their customers actual and certifiable peace of mind.

by SaaSplaza, cloud platform provider for ERP and CRM
