Part 3 – what you should look for when choosing a cloud security provider.
In the first two parts of this 3-part blog we highlighted the importance of choosing a financially secure and stable organisation; one that you can trust with your data and the protection of your people and information from a constantly changing threat landscape. Here are some of the other important things to look for when choosing your security services provider.
Service level agreements are extremely important. Someone else is processing your emails and web traffic, both of which are business critical, so look for SLAs around all aspects of the service. Read past the headline SLAs to ensure that they are backed by meaningful, financial remedies. The provider should be transparent and publish their performance against the SLAs. This is how you can be sure that they are confident in their own ability to execute.
It’s all about security so makes sure that your provider understands the threat landscape and how to build protection technologies to combat the ever changing threats. Many just use third party anti-virus engines, which you could do yourself. One of the reasons for choosing cloud security is that it should offer superior protection because of the intelligence available to the provider. Look for SLAs around virus protection.
The provider should have security controls in place and certifications like ISO 27001. Your data is being processed by a third party so make sure you assess their security posture. They should be able to provide documentation outlining what measures they take.
The service must be highly available so that continuity of email and web access is assured. One of the key benefits of using a service is that you don’t have to purchase your own highly available, redundant infrastructure. Your provider should have a global infrastructure, process your email and web traffic across multiple data centres in different geographies and fail over seamlessly in the event of an outage. Ensure you get a 100% availability SLA.
The service must not introduce excessive latency that delays email receipt or, more importantly, adversely impact users’ surfing experience and productivity. The provider should be managing their infrastructure capacity to ensure minimal latency of email and web traffic. Look for an SLA around latency.
You need to realise a low total cost of ownership so your security services provider must understand how to deliver the service to you in a cost effective manner. Putting enterprise-class appliances into a data centre will not work in the long term. The provider should have built a true multi-tenant infrastructure that cost-effectively scales to meet the needs of all of their customers.
These are some of the more important considerations. For further information and resources to help you choose the right security services provider for your needs see the Symantec email and web security product pages: