Is your secure Cloud hosting partner really secured?
I believe that CIOs have been in a very tough spot regarding the cloud the last couple of years. They have been pressured by the business to adopt cloud solutions, in order to achieve more agility and speed but also due to big disruptive fears from management. The CIOs and internal IT in general have often been criticized for being stumbling blocks or lacking forward-mindedness when they urge caution, due to, for example, compliance and security reasons.
Today there are no big reasons for the CIOs not to carefully investigate the usage of Cloud Solutions. A recent study from the Nordic analyst company Radar shows that late adopters of Cloud nowadays really are losing business. These late adopters are in my mind even at risk of quickly becoming disrupted, compared to companies with new innovative ideas and with completely different business models.
As another proof of the impact of Cloud on business, a recent analyst report from Forrester states “Cloud has been the biggest and most disruptive force in the tech market over the past 15 years. The hyper growth phase of this industry-altering market will continue and accelerate for the next four years”.
So if there are some security concerns remaining, which might have been pointed out as the number one barrier between CIOs and cloud adoption, I urge you to think again and quickly try to address those concerns! Let me try to help and to give you some ideas on how to look at your Cloud security concerns from an overall point of view.
Confidentiality, Integrity, and Accessibility
One of the most important aspects of evaluating a cloud provider is knowing who you are dealing with, aka looking at the confidentiality situation.
So the first thing to do is to ensure that the companies you are dealing with truly are cloud experts and have been around long enough to be able to “prove themselves” with customer references etc.
Related to integrity and accessibility you also need to make sure that all aspects of the hosting infrastructure are continuously monitored and that the system notifies the technical staff via SMS and/or email etc. The message goes out immediately when it detects a breached threshold, error or other failure. In relation to policies, procedures and security awareness the hosting partner needs to have developed detailed plans and procedures regarding business continuity and incident response that specify the steps to be taken by its technical staff, help desk, and service management in the event of an incident. These procedures are designed to provide a consistent process to contain and resolve any incident, whether minor or major, quickly and with no or minimal disruption to services.
In addition to business continuity and incident response procedures, the hosting provider security experts should have developed extensive policies for all its employees to ensure that everyone understands the fact that data security is top priority and act accordingly. Often external security experts have been engaged to double-check these policies and that they are enforced rigorously from the top-down at all levels of the organization.
The openness in allowing rigorous, on-site customer/external audits etc. is also a proof of professionalism. Audits need to cover everything I have discussed in this blog and more—like physical systems, physical entrance control and logging, infrastructure, policies and procedures, right down to the audit of randomly selected workstations of office staff to ensure that up-to-date anti-virus software is in place.
Business Technology Advisors
As mentioned in the beginning of the blog and to remind you, incidents that disrupt business and operations over the Internet can and sometimes do happen. In this blog I have touched upon a number of concerns, and you need to work on these preparations. There is help and guidance available (see for example Tieto’s Consultancy services by our Digitalization, Cloud and Security Advisors). We can provide you the security and cloud experts that will be able to help you as needed. Worth stating is also that Tieto’s own Cloud hosting services are designed to mitigate any threat posed to the security of your data and to return to normal operations as quickly as possible. Tieto actively follows the market and competition for learning opportunities.
So when it comes to deciding whom to trust in the growing cloud arena, I invite you to consider Tieto’s substantial investments to safeguard our customers’ data both in day-to-day operations as well as under dire circumstances. Tieto’s customers enjoy a level of security that would easily blow most companies’ own IT budgets—while making it affordable and accessible as the costs and investments are spread among all of our customers.
Commitment to CIOs
To sum up: Modern and forward-thinking Cloud suppliers usually strive to treat the storage and safeguarding of customers’ data in a manner that complies with, and in most cases exceeds, customers’ own policies. I understand that when you engage a supplier to act on your behalf to safeguard your data, this trust not only encompasses, but transcends the legal- and policy-driven aspects, landing at a personal level. So I think that as a commitment to the CIOs, the hosting suppliers need to ask themselves: “If this was our own personal and business information that we were entrusting to a cloud solution provider, how would we want that company to protect its confidentiality, integrity, and availability?”
I hope this blog text has answered at least some of your questions about the security concerns you may have, and perhaps even given you such a level of confidence that you will consider leading the way and introducing Cloud solutions to your business development colleagues yourself.
If you have questions that you would like to discuss, feel free to contact me at any time!
Why not come and meet me at Radar Summit, on November 15 in Stockholm!