CSP security comes from users making the right choices

The Cloud Industry Forum’s certification partner, the APM Group, has joined in the current trend for pointing at Cloud Service Providers for lack of attention to security in the services they deliver, but has added the observation that users must shoulder some of the blame 

  • 10 years ago Posted in

With the Infosecurity conference and exhibition upon us once again, it is often a time to spot themes in the cloud security marketplace. And over the last couple of weeks it has become apparent that one important theme to emerge is the blaming of service providers for not delivering more secure services to end users as part of the fundamental service package.

There have already been a few stories along these lines on the run up to the conference, and the latest to approach the subject – if from a slightly different angle to direct blaming – is the APM Group, the Cloud Industry Forum’s independent certification partner. Indeed, it has also pointed the finger at the user community itself

Its position is the mitigating the security risks of cloud computing starts with selecting the right Cloud Services Provider (CSP). The company will be addressing this subject at Infosecurity Europe, stressing that, whilst end users will still need to exercise caution and conduct their due diligence, the CIF Code of Practice can assist in the selection process.

“Security is typically cited as an obstacle to the deployment of cloud solutions,” Richard Pharro, CEO of APM Group said, “ but, in general, the perception that cloud has heightened security issues is unfounded. In truth, data is not inherently more insecure in the cloud than on-premise. It all comes down to what safeguards there are, be they technical or legal.

“CSPs will often have more robust and up-to-date security than their customers, in particular SMEs, who often have limited full-time IT resources and  struggle to keep up to date with security issues and fixes. Maintaining the best levels of security and service reliability are part of the core business proposition of every CSP, for if they fail at that they have very little else of value to offer the marketplace.

“Good security does, however, start with choosing the right provider. You shouldn’t be afraid of asking prospective CSPs tough questions about how your data will be kept secure. For example, what mechanisms the CSP operates in regard to access control, data storage, and data in transit to ensure compliance with data protection as well as offer effective security and sovereignty? If they can’t satisfactorily answer these questions, I’d suggest that you keep looking.”

The Cloud Industry Forum has established a Code of Practice for CSPs to make the selection process easier. It aims to standardise enterprises offering cloud services to provide assurances for end users looking to migrate to the cloud.

Pharro sees this as a credible, certifiable tool that allows CSPs to demonstrate they meet specified requirements of transparency, accountability and capability. For example, providers that have certified against the Code have demonstrated their compliance with industry standards of best practice with regard to transparency and capability. 

Talent and training partner, mthree, which supports major global tech, banking, and business...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.