How bulletproof is your cloud? Part 4: Compliance

Welcome to the final edition of our four-part cloud series. So far, we’ve taken a look at how to find the right provider, one that: Has a customer-centric culture, is compatible with your organization, and provides stability in a sea of change.

Now, we turn our sights to compliance.

The best way to believe in something is to see it with your own eyes. The second-best way is to have someone you trust see it and give you a thumbs-up.

A second set of eyes

Want to know whether your cloud services provider is actually delivering the software, SLAs, services and security it says it will?

Ask. If the answer you get isn’t codified in a contract or evidenced in a third-party report, be prepared to do some digging.

Even if your provider is forthcoming with the information you ask for, the list of what it actually delivers is longer than you realize (trust me on this), so it may not make much sense for you to see it with your own eyes – contract, report or otherwise. Besides, you might miss something.

Auditors won’t.

Your trusted “second set of eyes” in the services world are the auditing agencies and the compliance reports to which they attest, such as SSAE16 SOC I, SOC II and III, PCI and ISO – reports your services provider should be familiar with. A SOC report in-hand goes a long way when it comes time for you to justify the integrity of outsourced services to your end users, IT staff, executives and those who are auditing your processes.

The bottom line: Never be afraid to ask. You need the answers and your cloud service providers (the ones who listen to their customers) will appreciate knowing the scope and extent of your compliance requirements.

My advice: Do this diligence before you ink a contract, even if you don’t have a current need for compliance with your provider. Most compliance attestation periods span six months or a year. Make it a point to request copies of your provider’s reports.

Building an invincible cloud

When it comes to the cloud, you’ve got choices. Thanks to the competitive landscape, many of these choices will measure up to the scalability, uptime, high availability, speed and security standards you require. In an otherwise flat-value-proposition landscape, there will be significant variation in quality and corresponding hefty costs associated with recovery from failed or short-term provider relationships.

Provided you make the right choices, these costs are avoidable, and that’s where it pays dividends to look for the anomalies of quality: Customer-centric culture, high compatibility, options for stability and a healthy compliance record.

Remember, “bulletproof” is as much about what a services provider stands for as what it advertises.

Simply put, it’s what’s holding up the armor that counts.

Thanks for reading this series. To find out more, click here.

Robert hails from our Olathe office and is a 14-year Hyland (Perceptive) veteran of the cloud services world. Most recently, he's been tasked with bringing focus to operational improvements and efficiency as our director of strategy and project governance.
Robert Tipton

Robert Tipton

Robert hails from our Olathe office and is a 14-year Hyland (Perceptive) veteran of the cloud services world. Most recently, he’s been tasked with bringing focus to operational improvements and... read more about: Robert Tipton