Protecting Your Cloud Data in the Absence of Standards and Regulations
July 18, 2012. Grazed from MSPNews. Author: Laura Stotler.
In the wild and rapidly evolving world of cloud computing, there are no regulations or safeguards in place to protect the SMBs and enterprises that increasingly rely on these services. Now more than ever there is a need for a globally accepted, universal standard and code of behavior for managed service providers (MSPs) that deliver cloud solutions.
Charles Weaver, co-founder and CEO for the MSPAlliance, a 15,000-member certification and standards body, is calling on the industry to come together to create regulations and standards that will protect cloud services consumers. Weaver contends that with cloud computing adoption accelerating, there is an urgent need for standards and regulations.
"Today, the cloud is unregulated," said Weaver. "It actually takes more licensing, oversight and continuing education to cut and style hair than it does to manage data in the cloud."…
And that is a scary prospect as cloud services continue to grow and differentiate at a rapid pace.
“Understanding the cloud provider’s underlying capabilities, resources, security processes and safeguards, as well as the provider’s overall financial health will be very important for organizations who want to safely and successfully utilize cloud computing,” said Ed Ferrara, principal security analyst with Forrester Research.
Ferrara recently moderated a panel discussion at the Forrester Research Security Forum, in which Weaver participated. He stressed the importance of customers pinpointing areas in their organizations that produce value and revenue before going about protecting those assets through managed security services.
Weaver went on to say that industry-wide, cross-border standards are crucial for evaluating any type of cloud provider in order to protect the safety and privacy of customers. And in the absence of governmental laws or regulatory safeguards, it falls upon the enterprises and SMBs that rely on MSPs for their IT and cloud services to ask providers for their credentials.
"Standardized due diligence on every cloud or outsourced IT relationship must be made available – and accepted – on a worldwide scale," said Weaver. "Cloud and MSP certifications, as opposed to vendor specific certifications, are a first step and currently a very useful tool in helping customers know precisely with whom they are dealing in terms of infrastructure, resources, capabilities, financial health, as well as many other requisite characteristics."
He outlined five factors organizations should look for before entrusting their business to a cloud provider or MSP. The financial health of the service provider is an important factor since your data may end up unprotected, inaccessible and stuck in the cloud if your provider suddenly goes out of business. Infrastructure control is another important feature since there is a good chance your provider may not own the infrastructure they use and operate on your behalf. Knowing who controls that infrastructure is directly related to your company’s data security and availability.
Third-party access is another important factor, according to Weaver. MSPs often seek help from third parties, and those relationships need to be disclosed to ensure all providers are adhering to the same standards and levels of accountability relating to your secure data. Data location is another issue, since cloud computing moves the physical infrastructure into the cloud. Knowing where your cloud data resides determines which laws you must adhere to in terms of security and privacy.
Finally, accountability is a key issue. You must find out who is ultimately responsible for your cloud and data, since the chances are that many service providers will be handling your information. Customers should have a primary partner and point of contact for dealing with their cloud environments and any issues that may arise.
In addition to having solid SLAs in place, knowing who is responsible and accountable for your data is crucial.
Taking the time to ask questions and gather the information outlined above is crucial for the protection of your business data in the cloud. In an ideal world, there would be a set of standards and regulations for MSPs and cloud providers. Until that day arrives, gathering as much knowledge as possible about your cloud exchanges will protect your business and your valuable data.


