What Should You Look For In A Cloud Services Provider?
There is no end of options available to you in the cloud services market. No matter what industry you’re in, where you operate from, and what you need from the cloud, you undoubtedly have a lot of potential choices to weigh.
It begs the question – what should you be looking for in cloud delivery from managed services provider (MSP)? What are the standards of quality? How can you tell an inexperienced provider from an industry-leading one?
By checking their credentials…
The Cloud Verify Program (And Why It Matters To You)
Kraft Technology Group has successfully completed MSPAlliance’s MSP/Cloud Verify Program (MSPCV) certification process for the second year. This is one of the most mature certification programs for cloud computing and managed services providers.
The MSPCV is based on the 10 control objectives of the Unified Certification Standard for Cloud & MSPs:
You want to know that your MSP has the necessary processes in place to make sure your efficiency is maximized, and your risks are mitigated when it comes to the cloud. You need effective oversight and accountability into the quality of your cloud services delivery – that’s what this control is all about.
- Policies and Procedures
You don’t want an MSP that’s playing it by ear – this control makes sure that they have developed detailed policies and procedures to dictate how they deliver services.
- Confidentiality and Privacy
If you’re going to entrust your data with an MSP by storing it offsite, then you need to know that it’s kept confidential. The way your data is stored and accessed needs to be strictly controlled in order to guarantee your privacy.
- Change Management
You don’t want to end up working with an inflexible MSP, right? This control is meant to make sure that the MSP has sufficient change management procedures in place that will allow for effective capacity planning, seamless modifications to MSP and customer configurations, and any necessary changes to the IT environment.
- Service Operations Management
You shouldn’t assume that your cloud will always work perfectly. As with any IT service, there will be an occasional event that could affect its quality. This control is meant to address how effectively the MSP deals with those events, examining their Network Operations Center, their ticketing process and service desk process.
- Information Security
Security is a top priority when it comes to the cloud. As with confidentiality and privacy, if you’re going to outsource your data management, then you need to be confident it’s kept secure. This control verifies the effectiveness of the MSP’s remote access policies, user account administration, authentication, wireless access, segregation of duties, network security scans and assessments, and the monitoring of access to your cloud data.
- Data Management
Despite the best efforts of the MSP in service operations management and information security, you need to be assured that they have a plan for when something goes wrong. The continuity of your data needs to be confirmed, regardless of whether you experience a natural disaster, cybercrime attack, or simple human error.
- Physical Security
Just because you’re dealing with digital information doesn’t mean the servers don’t need to be kept under lock and key. The best security software in the world won’t stop someone from accessing your data directly if the physical premises aren’t kept secure. This control verifies that the MSP has implemented a range of necessary physical security measures, such as physical access administration, card key, CCTV, on-site security, visitor/guest logs, and other effective security and environmental controls
- Billing and Reporting
The last thing you want is to be overcharged by accident because your MSP can’t accurately track the services they deliver. This control confirms that they have the right processes in place to monitor service delivery, reporting, and invoicing.
- Corporate Health
Beyond all the cloud-specific standards that are important for you to verify, you’ll also want to know that the MSP you work with is stable enough to keep you protected. This control confirms that the MSP is financially sound and comprehensively risk-averse – i.e., they’re not likely to go out of a business after a few months of managing your cloud.
The MSPCV was the first certification created specifically for the managed services and cloud industry. Every certification comes with a written report with the entire process documented, validated and signed by a 3rd party accounting firm. The MSPCV has been reviewed by governmental agencies and regulatory bodies across the globe and used and accepted in five continents around the world.
It’s certifications like these that can help you separate worthwhile cloud services providers from the rest. Looking for a provider that meets standards like these will allow you to make sure you’re working with a company that can deliver optimal cloud solutions.
Like this article? Check out the following blogs to learn more:
The Need for Cybersecurity Expertise at the Board Level for Banking
The new Health Industry Cybersecurity Practices (HICP)
NIST’s Small Business Cybersecurity Corner