Certification programs are making it easier to know all about a cloud vendor

Third-party assessments can save you the time and money required to verify a vendor's claims for infrastructure and security.

Cloud computing continues to evolve at a rapid pace, and two recent developments are good news for cloud customers who want to be sure that their vendor is all it says it is.

Over a year ago, in November 2011, I wrote a column addressing the question of how customers can verify a cloud vendor's claimed infrastructure and security mechanisms. One way, I noted, is to contractually require the cloud vendor to engage in a standardized certification process, essentially providing third-party confirmation of the cloud vendor's claims.

Standardized certification processes benefit both cloud vendors and cloud customers. The vendor engages in the process once instead of submitting to a separate assessment and monitoring process for each customer engagement. Both the vendor and its customers thus save money, time and staff resources. This approach also increases transparency between the vendor and the customer, ideally leading to improved quality of service.

The first development grew out of something that happened two years ago, when the U.S. government established a "cloud first" policy requiring federal agencies to use cloud services instead of other options where possible. The Office of Management and Budget subsequently established the Federal Risk and Authorization Management Program (FedRAMP) to provide a cost-effective, risk-based approach to support federal agency adoption of cloud services. Development of FedRAMP focused on three process areas:

-- A security assessment process, based on the National Institute of Standards and Technology's (NIST) Special Publication 800-53, for granting authorizations to operate.

-- A FedRAMP authorization repository listing preauthorized cloud vendors.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon