Allay Your Cloud Security Concerns: Vet Your Partners
Submitted by Miles Jobgen on
Most things in life are not guaranteed. That saying is especially true for IT services firms. Profits can be elusive for new entrepreneurs, customers may not pay on time, or at all, and the suppliers they rely on can fall short of their promises. That doesn't happen all the time, but VARs and MSPs hear enough horror stories from their peers to cause at least a little concern.
Fear of the unknown (or at least the stress associated with it) can be even more concerning to your customers, who often know little about the solutions and systems that keep their business running. They depend on their providers to vet all the IT variables and make the right recommendations, to design and implement the best solutions for their particular needs and, perhaps most importantly, to stand behind those solutions when something goes wrong.
Security is a big part of those concerns on both sides, and the rapid growth of the cloud continues to add to the unknown variables that solution providers and their customers face. Information that was once contained within the four walls of a business and in secure offsite locations (under the firm management of the company or a trusted protector) could now be roaming through cyberspace or hosted in questionable data centers.
Who has access to the facilities and data, and what backup measures are in place? What assurances do you and your customers have that their valuable information and applications are being well protected by your cloud suppliers? The answers to those questions can be hard, if not impossible, to find.
Ask the Right Questions
One way to ensure your cloud providers have adequate security measures in place is to ask the hard questions yourself. Your clients are counting on you, your team and your company to ensure their systems and data are safe, so there has to be real integrity in your vendor vetting process. If their representatives can’t (or won’t) answer these questions or address any concerns in an open, honest discussion, proceed with extreme caution:
- Are network perimeter and endpoints protected from unauthorized and unencrypted access?
- Do they perform employee background checks?
- Are data classifications regularly managed?
- Does the company have a security policy that covers all aspects of information security?
- Are they adhering to applicable regulatory compliance requirements?
- Where are the company’s data centers located?
- Can I get my data back if something goes wrong?
Your clients may have other objections related to the cloud that these questions don’t address. Security and compliance are the most common concerns, but solution providers won’t truly know unless they ask.
An easier way to ensure that your cloud suppliers are following best practices to protect the data and systems you manage is to look for the CompTIA Cloud Trustmark+. This recently introduced business credential includes a comprehensive list of security controls and partner management expectations that go beyond the standard industry best practices. Vendors and cloud suppliers that receive this Trustmark must have suitable answers to questions like those listed above. Their application is then validated through a third-party audit.
Providers who partner with Cloud Trustmark+ holders can rest a little easier knowing their supplier stands behind its support, infrastructure and interoperability. More importantly, it shows commitment to VARs and MSPs, as well as their end users. A number of vendors are currently undergoing the credentialing process and a few early adopters have already received theirs. Are your key cloud partners meeting the same respected industry standards they are? Be sure to ask…