security-community

How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

Security Certification Helps Cloud Service Providers

If you are a cloud service provider (CSP), you know your customers have a choice as to who to work with, but do you know what will help tip the scales in your favor? It’s not just robust security or scalability. Much of your credibility will come from a heightened level of transparency that will resonate with the internal IT department and the C-suite.

It is a given that the concept of cloud technology has become more normalized over the past few years. Most companies now have a plan in place for migration and operation, and much of the discussion centers around which types of cloud to focus on: private, public or hybrid, and who to use as the provider. But this still requires a commitment on the part of a company to let go of its data and its processes, and hand it all over to an outside party.

Consequently, this places a requirement on the CSP to not only make good on the physical end of the deal – having a robust and secure platform to host the data – but also to remain transparent and provide solid evidence of its trustworthiness. A key point here is that robust security is not enough. There must be clear proof of this security, delivered in a fashion and frequency that will satisfy. It is not negotiable.

Part of the reasoning may stem from high-profile leaks and breaches that occur with disturbing frequency, but a major part of the concern will come from the fact that CSPs are external companies with their own rules and governance. Clients will constantly worry about a cloud provider’s ability to remain secure and reliable in all areas of its operations, and they will compare it to what they know best – their own in-house rules, regulations, and security. A CSP that fails to prove that it is equal or better than their clients’ own systems will not succeed.

The Problem with Being Focused on Security

Often a company that is a specialist in one area will inevitably lack somewhere else. It is expected that a CSP will focus intently on robust security, scalability, and accessibility, but this makes it easy for it to overlook the bedside manner that clients expect. Also branded as “customer experience” (CX), bedside manner is the art of communicating with the client and managing their customers’ expectations and worries. CSPs must be able to deliver on this.

Rich Campagna ‎the CEO of cloud security provider Bitglass. “If you compare cloud security to premises security,” he says, “often the two types of services are solving similar issues with similar technology, like encryption and data. But the big challenge and difference with cloud is that in the premises world you can stack or layer many security technologies together, which you cannot do in the cloud.” This is just one example of the types of security concerns a customer will experience, and which need to be clearly communicated by a CSP to prove they have a better, more secure method.

The CCSP

With security being such a multi-layered and ever-evolving challenge, it only makes sense that a cloud service provider should reach out and work with cloud security specialists whose sole purpose is to be the go-to expert and problem solver. This is precisely what a Certified Cloud Security Professional (CCSP) does.

In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This in turn can help the CSP to communicate, strategize, and deliver to their own customers the necessary evidence of superior security and permanent transparency.

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The need for such actions might seem self-evident, but as is often the case in busy, high-tech companies, the human touch goes missing due to the sheer busy-ness of the operation. What cannot be overlooked, however, is that this type of “human-touch” is not superficial feel-good verbiage. It is the tangible proof that a company’s most valuable asset – its data – is safe.

A recent report released by the Enterprise Management Association (EMA) points out that “annoyance with lack of vendor support” is a key source of disappointment among customers. It continues, “executives were not aware that the monthly or annual subscription they purchased did not include full support…[and even] customers purchasing higher-end support may still have difficulty getting access to adequate levels of hands-on expertise.” This is another example of where CSPs can “drop the ball.” The consequent disappointment felt by a nervous customer will radiate out into its sense of trust, and this has the capacity of completely destroying whatever reputation the CSP has already worked hard to build.

It may be unfair to suggest that a CSP drops a few points down the scale even when its security is already top-notch. But this is the truth of the matter. Customers must feel confident, and if the evidence of rock-solid security is not there, they won’t. Negative experiences tend to turn customers’ eyes either toward the horizon, looking for a new supplier to take care of the next stage of their cloud journey, or inwards, to bring everything back in-house.

A CCSP provides a CSP with some of the transparency and credibility skills to mitigate this risk, and ensure the relationship between CSP and customer remains as secure on the trust front as it does on the technical one.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/ccsp.

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
Cloud Migration Strategies and Their Impact on Security and Governance

Cloud Migration Strategies and Their Impact on Security and Governance

Cloud Migration Strategies Public cloud migrations come in different shapes and sizes, but I see three major approaches. Each of ...
Multi or Hybrid Cloud, What’s the Difference?

Multi or Hybrid Cloud, What’s the Difference?

Multi Cloud You’ve likely heard about the latest trend in cloud computing commonly referred to as multi-cloud, and it is ...
Server-less Computing Necessitates A Significant Mind Shift

Server-less Computing Necessitates A Significant Mind Shift

Server-less is More The author of the Pied Piper of Hamelin, Robert Browning, is one of my favorite English poets ...
Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a ...
Numeraire Cryptocurrency

Digital Cashless Society: Dystopian Nightmares or Utopian Dreams

Digital Cashless Society A truly digital cashless society was long the realm of dystopian nightmares (or utopian dreams depending on ...
Finding and Implementing Startup Tools

Finding and Implementing The Right Tools For Your Startup

Implementing Startup Tools Many startups believe implementing cloud tools help reduce operation costs as well as the time taken to ...
Teradata Board of Directors Strengthens Cloud Expertise

Teradata Board of Directors Strengthens Cloud Expertise

Joanne Olsen brings significant cloud experience, including a mix of sales, support and product management Teradata (NYSE: TDC), the leading cloud-based data and analytics company, today announced the election of Joanne Olsen to its board of directors, ...
NVIDIA Opening AI Research Lab in Toronto, Following Move in Seattle

NVIDIA Opening AI Research Lab in Toronto, Following Move in Seattle

Toronto is a thriving hub for AI experts, thanks in part to foundational work out of the University of Toronto and government-supported research organizations like the Vector Institute. We’re tapping further into this expertise by investing ...
Tainted, crypto-mining containers pulled from Docker Hub

Tainted, crypto-mining containers pulled from Docker Hub

Security companies Fortinet and Kromtech found seventeen tainted Docker containers that were essentially downloadable images containing programs that had been designed to mine cryptocurrencies. Further investigation found that they had been downloaded 5 million times, suggesting that hackers were ...