securitylinkindia

9 Factors to Consider While Selecting the Right Cloud Service Provider

By Vikas Bhonsle, CEO, Crayon Software Experts India As more and more IT systems are outsourced, zeroing in the best cloud providers is critical to long-term success. The market is already vast, with different brands offering large numbers of services. Apart from the big providers like Microsoft, Amazon and Google, there are also smaller niche players, who provide bespoke services. With too many choices to opt from, you must put down the selection and procurement process appropriate as per the needs. The right time to select a cloud provider I t is significant to understand the requirements of a business before choosing a cloud service provider. Clarifying the specific requirements and minimum expectations in advance, while assessing providers ensures that they are compared against the requirement checklist and not against their competitors. It is a faster way to narrow down the list of providers. With more clarity on the requirements such as technical, service, security, data governance and service management, you will be better prepared to interrogate and negotiate with your potential providers. Common areas to focus while choosing a service provider Apart from the unique requirements that a company will have from a cloud provider, there are some common areas of focus during any service provider assessment. 1. Certifications & Standards Providers must comply with recognised standards and quality frameworks, which demonstrate adherence to industry best practices and standards. This may not only help to determine which service provider is best to choose from, but they can be very helpful in shortlisting potential suppliers. 2.Technologies Integration & Migration Services The cloud provider’s technology must support the cloud objectives of your organisation. Assess what migration services they can provide and how much customisation is required to integrate with their platforms. In the case of some providers offering limited services, understand if any third party support is needed and if the platform provider can recommend any that have experience and extensive knowledge of the target platform. 3.Support For SaaS (Software as a Service) providers, a roadmap of features, service and integration is highly desirable. Depending on the particular cloud strategy, companies may also want to evaluate the overall portfolio of services that providers can offer. If you plan to use separate services from a broad mix of providers then this is not very relevant, but if the preference is to use only a few key cloud service providers, it is important for the providers to offer a good range of compatible services. 4.Data Management Data management and security are currently of foremost importance. You can opt for providers that give the best choice and control regarding the jurisdiction in which the data is stored, processed and managed. Cloud service providers should be transparent about their data centre locations, but you should also be proactive in finding this information. Assess the data encryption strategies of the provider and the measures that they take to protect data. Look to understand the provider’s data loss and breach notification processes and ensure they are aligned with your organisation’s risk appetite and legal or regulatory obligations. 5.Service Dependencies & Partnerships Certain factors such as the service provider’s relationships with their key vendors, their accreditation levels, technical capabilities and staff certifications can be crucial in choosing the best provider. It is pivotal to uncover any service dependencies and partnerships involved in the provision of cloud services. For example, SaaS providers will often build their service on existing IaaS (Infrastructure as a Service) platforms. Thereby, it must be clear how and where the service is being delivered. 6.Contracts, Commercials & SLAs Cloud agreements and SLAs should specify how issues should be identified and resolved, by whom and in what period. Look for a clear definition of the service and deliverables. Get clarity on the roles and responsibilities relating to the service (delivery, provisioning, service management, monitoring, support, escalations etc.). Scrutiny of these terms is vital, as often service credit calculations are complex – ask for worked examples or give all shortlist providers the same imaginary downtime scenario and compare different compensations offered. 7.Reliability & Performance Several methods can be employed to measure the reliability of a service provider. First, check their performance against their SLAs for the last 6-12 months. Secondly, know how the provider deals with downtime, as it is inevitable with most cloud services. Also, there should be documents and proven processes for dealing with planned and unplanned downtime. Get clarity of their methods and practices of communicating with customers during times of disruption. This includes their timeliness, how do they prioritise and what is the severity level assessment of issues. 8.Migration Support, Vendor Lock in & Exit Planning Cloud providers may use proprietary technologies, which lead to vendor lock-in during exit, meaning that a customer cannot easily transit to another provider, as the technology will not be compatible. It can impact portability to other providers or in-house operations. It is especially true if applications have to be re-architected in order to run on a service provider platform. It is eliminated by ensuring that the chosen provider has minimal use of proprietary technology. Similarly, ensure there is a clear exit strategy in place at the start of the deal. Moving away from one cloud service provider isn’t always an easy or smooth transition, so it’s worth knowing their processes before signing a contract. Furthermore, consider how the data will be accessible, what state it will be in and for how long the provider will keep it. 9.Business health & Company profile Assessing the technical and operational capabilities of a potential supplier is important. At the same time, the provider must be in the best financial health and profile. The most compatible or competitive cloud service is immaterial if the provider doesn’t have a sound business. Contractual assurances and good intentions cannot save the day, if the providers get into financial troubles and do not have the resources to refund the losses. Check if the organisation has had entangled legal history and how they have been…

Read More

Multi-Factor Authentication – A Much Needed Safety Net Against Cyberattacks

Shibu Paul, Vice President – International Sales at Array Networks 2021 is the dawn of a new decade, with the new decade the Indian tech industry is ready to witness a revolutionary change surrounding various factors and one of the most important factors that is to undergo this change is ‘cybersecurity.’ This change is validated with the continuous emergence of reports on the increasing number of cyberattacks against India’s government agencies, private organizations and individual users. According to a report by Kaspersky, India witnessed 36 million cyberattacks between January and November 2020, whereas the number of attacks in 2019 for the same months was 18 million. This only emphasises the need for a better cybersecurity measure to be brought in to keep the data safe from cyberattacks. multi-factor authentication (MFA) is one of the best ways to keep threat actors at bay. In 2020, many organizations had to do a complete overhaul of their cybersecurity measure, a few other organizations had to rejig their security features, especially with remote working culture coming into the picture. All of this leads to one problem – IT Complexity. The best solution for IT administrators is to provide easy safety access for employees who are remotely logging in. Using Array’s AG series secure access gateways, organizations can provide tokenless, secure and easy-to-use multi-factor authentication. Through interoperability with 3rd party dual and MFA solutions, the AG series adds an additional layer of defense against unauthorized access and misuse of data and applications. Using this, administrators can adapt the level of support needed using contextual information such as login behavior patterns, geo-location and type of login system being accessed. Many a time threat actors find it easy to breach the security set up by IT administrators due to the loopholes that come into existence as a result of complex cybersecurity setup. If MFA is provided at the user end, there will be an additional security that will help the users prevent any sort of breach from their end. This will in-turn help in avoiding identity theft, use of stolen credentials, avoiding data breaches due to malicious attacks and so on. While firewalls and antivirus solutions keep the systems safe via backdoor entry, it’s MFA that guards the front doors. As per global multi-factor authentication (MFA) market report, the MFA market revenue which was $8,967 Mn in 2019 is estimated to reach $16,105 Mn in 2025, with a CAGR of 10.25% during 2020-2025, thus showcasing the opportunity and the demand MFA is set to rise in the next five years. This leads to the question of why now more than ever MFA is of importance. MFA is easy to implement and is considered an inexpensive security add-on by IT administrators. It is considered beneficial as it will enhance the organization’s security by requiring users to identify themselves by more than a username and password. Using MFA an organization can achieve compliance, increase flexibility and productivity by bringing-in stability with streamlining login process and it complies with single sign-on (SSO) solution. While providing cybersecurity is now a complex matter since the threats posed by the actors is equally proportional in complexity, a simple add-on such as multi-factor authentication helps take users and organizations one step closer towards keeping the data safe.  

Read More