Page 3 of 3
6. Has your cloud been audited?
What assurances can you provide your customers that you are adhering to proscribed security practices? Being able to show good results from an audit can help customers come onboard. Different industries have different requirements; clients with credit card security concerns might require adherence to PCI standards, for example.
7. What's in your SLA? Service level agreements can make or break your deal. Some cloud providers don't offer SLAs, noting that their technology is so reliable they are "unnecessary." If that's so, then committing to that reliability in writing should not be a problem. Savvy VAR customers are beginning to understand that they can include such areas as compliance, liability and reliability into SLAs. Get ahead of the curve by offering only those products and solutions with which you have confidence, and then draft SLAs around them.
8. How will the cloud impact my corporate governance?
Providing a consultative approach helps reassure the client that a cloud solution isn't going to change his or her company in an adverse fashion. "Develop workflows to ensure current governance is extended into the cloud, " said Joel Friedman, CSO of Datapipe, a managed service provider. "A compliant platform is not the same as a compliant solution. There is concern that not every touch point is being secured. The underlying platform that is touted as being compliant doesn't carry all the way up the application stack to ensure the solution is compliant. "
Friedman suggests offering a consultative approach to develop workflows similar to the ones the company already has, and extend those into the cloud. On the platform side, document what exactly the platform is doing, and educate the client. Detail what aspects are compliant what services are going to be placed on top of the cloud (e.g., an operating system).
<< Previous | 1 | 2 | 3