Events , Video

How to Properly Vet Your Cloud Provider

Attorneys Francoise Gilbert, Ellen Giblin on Vendor Management
How to Properly Vet Your Cloud Provider

Too often enterprises fail to adequately vet their cloud service providers, which can create security vulnerabilities, according to IT security lawyers Francoise Gilbert and Ellen Giblin.

See Also: API vs. Proxy: Understanding How to Get the Best Protection from Your CASB

When Gilbert asked executives at one cloud service provider what type of security plan it offered, they responded: "'Oh, that's not a problem; we are putting all the data in the cloud, someone else's cloud,'" she says in a video interview with Information Security Media Group at the 2014 RSA Conference. "And they were totally clueless."

Giblin says this is especially true of start-up providers. "It's a culture issue as well," she says. "The start-up environment becomes its own culture. ... They hear, 'Oh, you don't have to do all that. You can just put it in the cloud. So, that becomes like a mantra."

In the interview, Gilbert and Giblin:

  • Advise enterprises to conduct a risk assessment as part of contracting cloud services;
  • Explain why enterprises often fail to assess properly their service providers; and
  • Outline steps to take to properly vet providers through vendor management.

Gilbert is founder and managing director of the IT Law Group. Giblin is privacy counsel for the Ashcroft Law Firm.


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network