A Cloud service provider (CSP) can decide to expose various levels of its internal procedures. This article discusses how transparent processes adopted by CSP’s increase the confidence levels in an organization making use of cloud services.
As organizations consider moving their key business processes and IT infrastructure to cloud computing, they are concerned about risks, and rightly so, since this move will transfer significant control of security, privacy, availability, data protection and data retention to the cloud service provider. When these controls are transferred, the organisation has little or no visibility of business processes adopted by the Cloud provider, making it helpless during incidents where company’s business and reputation are at risk.
So how can a Cloud Service Provider overcome these concerns through transparency?
The answer is simple: By providing the necessary information on the control environment, via easy accessible documentation. Such information may include:
- Security policies
- Architectural details related to physical security within the infrastructure
- Data center layout
- Procedural details such as access rights & delegations
- Disaster recovery plans etc.
The more organizations get to know about the company, the higher the opportunity to minimize concern and increase trust.
Allowing periodic visits or spot-checks at the data center also allows organizations to be able to come in physical contact with parts of their organization which were hidden from them. Visits are a good opportunity to get to know key people from a service provider. Contacts which you’ll be able to get directly in touch with, in the case of any eventuality concerning the hosted services. Knowing whom to contact saves important minutes during incidents.
The above mentioned methods can be adopted by cloud providers to offer more visibility of their methods. Making a step towards transparency will open a window of opportunity to build trust between service provider and organization within the cloud environment.
- Opting for Disaster Recovery in the cloud (securopia.wordpress.com)