10 Questions To Ask When Choosing Your Cloud Security Provider

Establishing and running a successful online presence always comes with some hurdles to overcome. Along with running a business and handling the quality of content, generating traffic and improving conversion rates, there’s also this increasingly important factor – your online security. Tons of researches over the last couple of years suggest that online security concerns and challenges are at an all-time high. Cyber criminals have been using progressively sophisticated technologies and tactics, and in their efforts they often outplay internal IT security capabilities. Keeping internal IT staff up to date with all the security technologies and trends can consume both valuable time and resources, and considering the global shortage of security experts, many companies are looking for specialised security providers to get help on the matter. Today a growing number of organisations is turning to security partners to set up a safe IT perimeter, further fueling the growth of the security services market which is expected to reach $3.25bn by 2018.

A combination lock placed on a laptop keyboard
Image Source

Tweet this: Here are 10 questions to ask when choosing online security providers

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

Once a company decides to involve external help, beside the financial aspect, there’s still a lot of parameters to look after in order to get the best suited solutions in place. To help you streamline the decision process when choosing your online security providers, we’ve put together a list of 10 questions you should get answers to when choosing your online security provider.

1. What are your and my company’s duties in the protection of our data?

When partnering up with a security provider one of the first things to clear up is the amount of responsibilities each of the partner has to take on. It’s important to determine what kind of involvement is required from each side. If you are required to follow certain procedures, it’s good to educate your staff and see how much you security provider gets involved on the matter. Does he follow you through the process “hands-on” or do you just get some guidelines? In terms of risk management, a company plays a key role in protecting their own data but the security provider must provide adequate assurance as well.

2. How will I get set up?

Once you choose and sign a contract with an online security vendor, the next logical step is to log in to your user dashboard and start configuring your account, adding employees as users, setting up permissions and key parameters. There’s a lot of fine tuning to do which can sometimes seem overwhelming as it requires adequate knowledge. Considering the lack of time, staff, expertise and/or resources being the reasons to why you approached a security solution provider in the first place, make sure the setup process doesn’t fire back. Some of them will walk you step-by-step through the whole installation and setup process of their services, while others will simply provide online guides. You should go with a provider that best suits your knowledge and skills or at least offers structured assistance when setting up your security solutions.

3. What level of access to logs will my company get?

Although it may sound simple at first, the level of access to logs should be one of the top concerns when choosing security providers. As the servers will no longer be entirely handled by your staff, it’s important to carefully consider what information will and what will not be obtainable from the provider. Although some information may simply not be as important to your company, it can happen that pieces of crucial data are not available. In that case, you should try to negotiate the level of log access you will be provided with as early as possible.

4. Who will be able to access my company’s data?

Although your data will likely reside somewhere else than within your premises, you definitely have to own and control it. You should look for a provider who uses customer data only to provide them with the services to which they have subscribed and for complementary purposes for providing those services. Make sure your security service provider doesn’t scan customer services, applications or data storages for advertising or other unapproved purposes.

5. Where will all the servers, processes and my company data physically reside?

When choosing your security provider it’s crucial to know where will your data reside. Providers can host all data in their own data centers, some may leverage cloud services and offer a hybrid on-site and cloud solution, while others may handle data on customer’s premises. Considering the increased migration and adoption of cloud services it is likely that you security provider will leverage cloud solutions as well. Although the cloud is considered as borderless, the data still has to reside somewhere in real countries which then have varying privacy and security laws in place. You need to be aware of regulations for both your country and the country where your data lives.
Knowing how each provider approaches the matter is key to finding the best fit.

A digital representation of a world map with interconnected network lines,showcasing a modern,technological theme.
Image Source

Tweet this: Be aware of regulations for both your country and the country where your data lives

6. What is your service level agreement (SLA) for uptime?

Downtime is when services are inaccessible to internet users for a period of time, as opposed to uptime which is the amount of availability your users can expect and you want it to be as high as possible. Many providers offer a 99.9% uptime, which can end up to almost 45 minutes of unwanted downtime per month and end up costing you revenue if your business processes are executed online. Most providers offer a “payback credit” to your account when the SLA is breached. This credit can amount at only a percentage of your monthly fee which is not anywhere near to the downtime costs your business could suffer. Outages can be disruptive and costly, so you want to partner with a provider with as few as possible. Some vendors even provide their downtime history logs online. Selecting a security provider that offers the right uptime guarantee is essential when choosing the right solution for your company so make sure to ask for provider’s track records.

7. How strong is your expertise?

The more expertise and knowledge your security provider possess, the better their performance will be. You want to make sure your data is handled by certified security experts who know exactly how to approach even the most specific issues. Look for provider whose experts are constantly training and improving. You need them to be up-to-date with the latest technologies you find most important for your business. Certifications are not only a measure of knowledge but also a good sign of dedication to excellence. Beyond individual certifications, you can check if the provider is ISO certified as a company. These certifications show a degree of professional approach to safe procedures, discipline and constant improvement.

8. What is the level of customer support I can expect if I side with you?

Today’s global, online economy doesn’t operate within “normal business hours”. The same is valid for cyber threats which are definitely not a “nine-to-five” occurrence. It’s why you should definitely look for a provider that offers quick responses and a proactive approach around the clock.
A good online security service provider will have sufficient resources to provide both remote management and monitoring, along with call support services available 24×7. This can mean handling all security needs daily or just complementing the coverage of internal staff when they’re not available. Without exception, technical support should be accessible online or by phone all day, every day of the week, including holidays. On that matter, find out whether you’ll be interacting with knowledgeable engineers or reps reading scripts when you reach for help.
Other important aspects you should also look into in terms of customer support are the average response and resolution time they can provide.

Smiling woman with headset sitting at a laptop, surrounded by digital graphics.
Image Source

Tweet this: ONLINE SECURITY: Do you talk to engineers or just reps reading scripts when you reach for help?

9. Do you keep a signed trail of which users performed what actions and when?

Setting up a safe IT perimeter is important to keep safe from hackers and external threats, but don’t underestimate the risks that arise from inside your company. It’s why it is important to protect against both malicious and mistaken actions. Find out if your security vendor can provide user action logs in order to track possible internal security mishaps and flaws. Also, when your employees know there is an audit trail, they will be more cautious and focus more on security details. Having an audit trail also greatly helps with troubleshooting and root cause analysis.

What is your exit process?

We all know not all relationships can last forever. It’s why it is important for companies to know exactly how the termination process is executed when ending a cooperation or switching to another provider. Make sure to define the following in your contract:

  • How will the security provider assist with the transition – including providing the company’s data back or to a third party
  • What are the provider’s destruction or electronic shredding policies – you need to have evidence that your data is no longer resident on the provider’s systems
  • Which independent third parties will review and certify the exit process – you have to make sure the exit process is diligently executed and reviewed independently

Final Thoughts

Technology has become so complex and evolves at a rapid pace, which is why it’s no surprise that it can be challenging for internal IT departments to keep up. Security providers can offer different levels of support to meet your requirements, saving  your IT staff from a Herculean task of staying on top of all the changes. As said, there’s an enormous deficit of InfoSec professionals, which is why turning to dedicated online security provider may be your safest bet when securing your online assets. Whether it’s to add capabilities you don’t already have in-house, or you want to shift the burden of operational work off your internal IT staff, at one point you will want to consider taking up professional security provider services. And when that moment comes, make sure to ask the right questions. If you are looking for a solutions to your security issues, feel free to talk to our experts here at GlobalDots as they can help you with everything performance and security related.

Latest Articles

Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

Itay Tal Head of Cloud Services
5th December, 2024
The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era

What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
4th December, 2024
Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024
How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services
29th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services