According to Richard Pharro, APM Group’s CEO, the problem, in part, lies in the fact that many businesses do not explicitly seek out the scope of industry accreditations, instead taking vendor claims at face value.
“The popularity of the CIF Code of Practice is increasing with CSPs, but it’s important that end users apply greater pressure on the industry to encourage more providers to get certified,” Pharro said. “Though end users broadly recognise the value of standards, few scratch the surface to find out what they actually mean and often sign cloud service contracts without knowing the full extent to which they are protected.
“Many CSPs will concentrate on promoting accreditations that they have already gained to illustrate their overall integrity as a provider. Though they may provide some comfort to end users, the majority don’t directly map to cloud computing. Scope can range from one small aspect of a CSP’s operations, such as access control provisions, to the entire business operation. The net result is that end users are left with a false sense of security when choosing a provider.
“It’s important that end users are fully aware of the scope of any certifications held to have a better knowledge of what has been assessed. There are, in fact, no formal ISO cloud standards in operation, nor are there any certifiable best practice codes for CSPs, other than CIF’s Code of Practice,” he continued.
Alex Hilton, CEO of the Cloud Industry Forum, added: “The Cloud Industry Forum was established to ensure confidence, trust and transparency of Cloud services. The tangible delivery of this is comes with the certification of service providers through the Code of Practice. Customers can find details of certified CSPs on the CIF web site which should assist their confidence of vendor selection https://selfcert.cloudindustryforum.org/certification/.”