Cloud (Cost + Trust)

Cloud providers benefit statement boils down to only two variables that matters to you -

COST + TRUST

You may look at this and agree, say this seems obvious. Then again you might consider this model too simple and wonder what about flexibility, elasticity, feature/function and other cloud benefits that influence moving to the cloud.

These are all important, but in my humble opinion, cost and trust are the most important two lynch pins for selecting a cloud provider, and you need to expect service providers to provide both effectively, be willing to provide both with equal fervor, and honestly disclose their position. 

COST
Moving to the cloud proposes the single best opportunity to reduce overall IT and operational costs. Today all organizations, from your gardener, hair stylist, and even big organizations like Nordstrom, Exxon, Starbucks, and even all the three letter government agencies are faced with the stark reality that cloud computing will reduce cost of their operations. This is the big leaver that cloud providers use to draw in customers. Lower the cost, increase your market dominance. But cost alone should not be enough to make such an important decision.

TRUST
 How to pick a provider to service an organizations need? Do you just run out and get services from Google, Microsoft, or Amazon? Are these providers the most trustworthy? The complexity to pick a provider that is best for you should not be a flip of a coin. But how can trust be measured?

Finding the right provider

I'm a huge advocate of an unbiased, and neutral third party providing us the ability to find the best cloud provider partner. Today Compliance is used by providers to provide evidence of trust, but this can be a complex and sometimes difficult to validate… for instance ask your provider for a copy of their latest SOC2 report? My guess is it will be hard to possibly impossible to get the full report….

So what can you do before you buy?
As a result I think a not for profit like the Cloud Security Alliance's is needed to fill the gap and provide the intelligence needed to understand an organizations trustworthiness.
Good news is that he CSA has been maintaining an open set of compliance reports in their STAR program, or Security, Trust and Assurance Registry program. 

This registry is currently the only single public repository of cloud providers outlining how cloud providers view themselves as it comes to trust. Many big providers such as Microsoft, Amazon, Box, HP, as well as smaller specialty cloud solutions such  Everbridge and PODfather ltd. Are currently listed on the STAR.


What the STAR provide is the ability to review (at your leisure) how the providers stack up amongst each other. Also provides an opportunity to validate that 'sales' guys statement about the cloud solution promises…. Before you buy, I'd recommend you make sure that validate that you can truly trust your cloud provider?

Comments

Post a Comment

Popular posts from this blog

2020 predictions

Image
2020 is coming upon us, and it's time to reflect on my 2019 predictions I made, and look forward to this coming year with another technology prediction. So let's get started - first off - a lookback to see  progress in the areas I outlined, possibly no earth shattering results, but progress.  2019 retrospective - New UX - probably not as much evolution as I would have wanted to see in this area. For now, we use windows, android, IOS, and it's pretty much the same UX as it's been for a while. IoT the simple assistant - IoT continues to be the hot area of growth. I consider this more evolution than revolution. As we see IoT based technology being embedded into more and more devices. Cloud growth advances in   astonishing speeds - This past year all three cloud providers made strides in the cloud worth noticing.  AWS entered the quantum computing market with Bracket, introduced an in-house...
Read more

Secure workstation - Root of trust to manage the cloud

Image
Two months ago I introduced the Azure secure workstation, and I’ve had the privilege to present the ideal to some great audiences. From the discussions, a common question I’ve been asked is a pattern that would provide the Secured PAW model lock down scenario to exclusively manage an Azure Portal (EG how to I assure only secured workstation, and users assigned to the program can manage my cloud services)? In this article I’ll provide the NEXT step to accomplish exactly that outcome. This includes additional configurations that I only lightly covered, or net new technology to apply since the publishing of the doc. Proposed outcome “ How do I” Use a Secured workstation (that I can trust) to manage my Azure cloud. Here’s how I would deploy the solution. First I will start by deploying the Secured Workstation model this using the secured profile. New technology, and capabilities to add: Hardware root of trust – in our solution we post the idea that you can...
Read more

What is the Security Threat Landscape in 2024?

Image
 I was working up a question that I thought would make a great blog. the question is in 2024 what is the the security threats landscape? Here's the key take aways that I considered. Proactive Mindset : Today’s threat landscape demands a proactive mindset. Organizations are moving away from reactive security measures and are instead focusing on identifying potential intrusion points and actors before an incident occurs . Cyber Threats evolving : Cyber threats are leveraging AI, exploiting vulnerabilities in mobile and cloud platforms, and targeting data breaches. The rise of connected cars has led to concerns about automotive hacking. Ransomware attacks have become more sophisticated, causing significant damage to organizations. The proliferation of IoT devices on a 5G network presents new security challenges. As systems become more integrated and automated, they also become more vulnerable to cyber threats.  Remote Work and Digitization : The rush to adapt to pandemic-inspired...
Read more