Are Your Cloud Vendors Paying Attention to Security?

 

Cloud adoption is on the rise: According to International Data Corporation (IDC)’s “Nine Ways to Maximize the Value of Cloud Contracts,” 52 percent of all companies are currently using cloud-based delivery models and an additional 27 percent have firm plans to implement cloud solutions within the next 12 months. However, despite the interest in moving to the cloud, companies still struggle with negotiating contracts for cloud-based services. A lack of transparency and formally defined accountability for security from cloud vendors contributes to customer anxiety.

One of the key challenges for cloud computing customers is to ensure that contracts include provisions for an appropriate level of security. Increased use of cloud services drives a heightened need for cloud vendor contracts to include basic security requirements. Any omission of security-related cloud vendor contract terms can expose your company to avoidable risks.

As Forrester noted in its “Smart Cloud Contract Negotiation Strategies” report, leading cloud vendors typically provide better security than a customer can on its own, but not always. Standards such as SOC 2 and ISO20018 are common, but not everywhere. Therefore, you must implement sufficient contractual protections.