Lack of Due Diligence: How It Can Hurt Your Company - iCorps
Taken narrowly, it means locking down corporate data so no one can steal it, meddle with it, or disrupt it. Taken broadly, it means your systems are reliable. And reliability depends on due diligence.
In fact, due diligence is critical with any enterprise software or information technology investment, including cloud-based solutions you wish to rely on. The trouble is, many companies don’t always do thorough research before hiring a cloud solutions vendor or moving to the cloud.
Sure, people will ask questions about data center or uptime guarantees, but we need to dig deeper.
Think Beyond Technology
Since the cloud trend is Internet-centric, perhaps we get caught up on the technology spin of a cloud vendor, or simply the look and feel of things. For example, the cloud provider has a great looking website, ranks first on search engines, and their apps look great. That’s all good, but ask yourself this important question -- are they going to be around in five years?
What about the stability of the cloud provider as a business? Cloud providers need to be judged like any other partner companies -- on their overall reliability, not just on talk about server clusters or split-second response times.
If the provider you’re considering is only willing to talk bits and bytes, but hesitates when it comes to providing references or insight into business continuity, that’s not a good sign. It could mean they are not the most reliable solutions provider in the market.
True due diligence goes beyond pure technology. To be thorough, you should speak with reference customers, and gauge how reliable a cloud provider is as a business. For example, ask about the vendor’s long term business plan, and what would happen to your subscription if their business faces changes due to unpredictable market shifts.
A secure system, in broad terms, is a system you can count on. This is why you need to ask the broader, non-technical questions.
Why Due Diligence is Essential
The Cloud Security Alliance recognizes the importance of due diligence by listing it on its “Notorious Nine” list of top cloud computing threats it puts out annually. One good piece of advice the CSA list offers is to clarify responsibilities and obligations between the cloud service provider and the user organization. Failure to do so, as CSA rightly notes, creates “mismatched expectations.”
Tech-driven safeguards such as encryption do matter. So does the level of fault tolerance for the solution’s data center, especially with the cost of downtime running an average of $7,900 per minute across industries, according to a survey.
Digging deeper is the secret to avoid the lack of due diligence. For example, it’s pretty common that the cloud solution provider doesn’t actually have its own data center, but relies on a colocation data center to provide the infrastructure. As a result, it’s important to ask which certifications or industry affiliations the cloud provider itself has in place, not only what the “Colo” can boast.
The take away is that the most overlooked cloud security threat isn’t some new virus or the next piece of malware, but a lack of due diligence. A thorough due diligence process is going to lead to a cloud solution you can rely on – which is an essential aspect of security.