What Proof Does The Provider Have Validating Its Security?
Service providers should be able to show proof that their architecture and systems have been audited, giving you peace of mind that the systems meet a cloud security standard. Service Organization Control (SOC) reports show that a provider offers reasonable protection over customer data, say experts. A SOC2 report is an exhaustive review of the control environment and would only be provided under a nondisclosure agreement. It gauges a service provider's controls against the Trust Services Principles, which cover the security, availability, processing integrity, confidentiality and privacy of the organization. A SOC3 report is more streamlined but freely available, and should provide reasonable information about an assessment of the provider's security.