Security is a trade-off. E.g., security at the airport means more time in screening lines. And if what you’re after is easier access—to the airport, a facility, an information system, anything—then the trade-off is typically less security.
So when it comes to
Certifiable in that there exist third-party audits that run through a series of controls designed to test both a Cloud platform’s availability and security and, ideally, the security of the Cloud provider as well. Passing these controls results in reports being granted that say to the world, “Not only is this solution safe… it works, too.”
Now this is said with a nudge and a wink as the rub against the Cloud is sometimes that it works well… when it works at all. But when your Cloud provider can share with you its actual security and availability audits—formerly SAS-70, and now
The catch is twofold as you must ensure 1) that these audits are done by a third party (for example, with SaaSplaza, we retain PwC), and 2) that they pertain to your Cloud provider itself, and not just the
Ask to see the audit report. Most Cloud providers should have it readily available for Partners or end-users to review. In it, you’ll find dozens of controls that are likely to address your exact concerns.
For example, a concern such as “Who has access to the data center?” would be addressed by a control that demonstrates access to the data center is restricted to a group of FTEs and a key-card system with bio-metrics. And this is not merely something that is said: it something that can be proven and verified.
Regarding availability, a concern such as, “What happens should the system crash?” would be addressed by a control that demonstrates, tests, and proves that back-ups of physical and logical disks are done daily. Again, this would be a control that is viewable and verified.
Note that it’s extremely rare to find any kind of on-premise solution or provider that offers the levels of security and availability assurance that today’s top Cloud providers offer. Perhaps it’s because
by SaaSplaza, cloud platform provider for ERP and CRM