How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

If you are a cloud service provider (CSP), you know your customers have a choice as to who to work with, but do you know what will help tip the scales in your favor? It’s not just robust security or scalability. Much of your credibility will come from a heightened level of transparency that will resonate with the internal IT department and the C-suite.

It is a given that the concept of cloud technology has become more normalized over the past few years. Most companies now have a plan in place for migration and operation, and much of the discussion centers around which types of cloud to focus on: private, public or hybrid, and who to use as the provider. But this still requires a commitment on the part of a company to let go of its data and its processes, and hand it all over to an outside party.

Consequently, this places a requirement on the CSP to not only make good on the physical end of the deal – having a robust and secure platform to host the data – but also to remain transparent and provide solid evidence of its trustworthiness. A key point here is that robust security is not enough. There must be clear proof of this security, delivered in a fashion and frequency that will satisfy. It is not negotiable.

Part of the reasoning may stem from high-profile leaks and breaches that occur with disturbing frequency, but a major part of the concern will come from the fact that CSPs are external companies with their own rules and governance. Clients will constantly worry about a cloud provider’s ability to remain secure and reliable in all areas of its operations, and they will compare it to what they know best – their own in-house rules, regulations, and security. A CSP that fails to prove that it is equal to or better than its clients’ own systems will not succeed.

The Problem with Being Focused on Security

A company that specializes in one area will often fall short somewhere else. It is expected that a CSP will focus intently on robust security, scalability, and accessibility, but this makes it easy for it to overlook the bedside manner that clients expect. Also branded as “customer experience” (CX), bedside manner is the art of communicating with clients and managing their expectations and worries. CSPs must be able to deliver on this.

Rich Campagna is the CEO of cloud security provider Bitglass. “If you compare cloud security to premises security,” he says, “often the two types of services are solving similar issues with similar technology, like encryption and data. But the big challenge and difference with cloud is that in the premises world you can stack or layer many security technologies together, which you cannot do in the cloud.” This is just one example of the types of security concerns a customer will experience, and which need to be clearly communicated by a CSP to prove they have a better, more secure method.

The CCSP

With security being such a multi-layered and ever-evolving challenge, it only makes sense that a cloud service provider should reach out and work with cloud security specialists whose sole purpose is to be the go-to expert and problem solver. This is precisely what a Certified Cloud Security Professional (CCSP) does.

In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This in turn can help the CSP to communicate, strategize, and deliver to their own customers the necessary evidence of superior security and permanent transparency.

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The need for such actions might seem self-evident, but as is often the case in busy, high-tech companies, the human touch goes missing due to the sheer busy-ness of the operation. What cannot be overlooked, however, is that this type of “human-touch” is not superficial feel-good verbiage. It is the tangible proof that a company’s most valuable asset – its data – is safe.

A recent report released by the Enterprise Management Association (EMA) points out that “annoyance with lack of vendor support” is a key source of disappointment among customers. It continues, “executives were not aware that the monthly or annual subscription they purchased did not include full support…[and even] customers purchasing higher-end support may still have difficulty getting access to adequate levels of hands-on expertise.” This is another example of where CSPs can “drop the ball.” The consequent disappointment felt by a nervous customer will radiate out into its sense of trust, and this has the capacity to completely destroy whatever reputation the CSP has already worked hard to build.

It may be unfair to suggest that a CSP drops a few points down the scale even when its security is already top-notch. But this is the truth of the matter. Customers must feel confident, and if the evidence of rock-solid security is not there, they won’t. Negative experiences tend to turn customers’ eyes either toward the horizon, looking for a new supplier to take care of the next stage of their cloud journey, or inwards, to bring everything back in-house.

A CCSP provides a CSP with some of the transparency and credibility skills to mitigate this risk, and ensure the relationship between CSP and customer remains as secure on the trust front as it does on the technical one.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/ccsp.

By Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
