Businesses must ask CSPs difficult questions to ensure a safer cloud

APM Group to talk the benefits of CIF Code of Practice at Infosecurity Europe 2014.

Mitigating the security risks of cloud computing starts with selecting the right Cloud Services Provider (CSP). This is the topic that the APM Group, the Cloud Industry Forum’s independent certification partner, will address at Infosecurity Europe this year. According to the organisation, whilst end users will still need to exercise caution and conduct their due diligence, the CIF Code of Practice can assist in the selection process.


Richard Pharro, CEO of APM Group, said: “Security is typically cited as an obstacle to the deployment of cloud solutions, but, in general, the perception that cloud has heightened security issues is unfounded. In truth, data is not inherently more insecure in the cloud than on premise. It all comes down to what safeguards there are, be they technical or legal.


“CSPs will often have more robust and up-to-date security than their customers, in particular SMEs, who often have limited full-time IT resources and struggle to keep up to date with security issues and fixes. Maintaining the best levels of security and service reliability are part of the core business proposition of every CSP, for if they fail at that they have very little else of value to offer the marketplace.


“Good security does, however, start with choosing the right provider. You shouldn’t be afraid of asking prospective CSPs tough questions about how your data will be kept secure. For example, what mechanisms the CSP operates in regard to access control, data storage, and data in transit to ensure compliance with data protection as well as offer effective security and sovereignty? If they can’t satisfactorily answer these questions, I’d suggest that you keep looking,” Pharro continued.


The Cloud Industry Forum has established a Code of Practice for CSPs to make the selection process easier. It aims to standardise enterprises offering cloud services to provide assurances for end users looking to migrate to the cloud.


“The Code of Practice is a credible, certifiable tool that allows CSPs to demonstrate they meet specified requirements of transparency, accountability and capability. Providers that have certified against the Code have demonstrated their compliance with industry standards of best practice with regard to transparency and capability; so opting for a CSP that has certified against the Code should bring peace of mind, ensuring that your data is protected in the cloud,” he concluded.
 

Keepit's survey highlights the risks of relying solely on native SaaS backups, underscoring the...
Hitachi Vantara offers new storage solutions on Azure for improved management and cost-efficiency.
Nokia is hailed as the leading core network vendor in Omdia's 2025 report, excelling in...
Financial institutions benefit from hosted private cloud solutions, balancing modernisation with...
HANDD Business Solutions teams up with Cloudhouse to modernise legacy systems and protect sensitive...
Node4 launches a partner support program to aid former VMware partners adapt to the changes...
IONOS deploys the latest supercomputing technology for advanced AI and data applications in a...
DE-CIX begins operations in São Paulo, enhancing Brazil's digital connectivity with cutting-edge...