While cloud computing has opened channel partners and service providers to new revenue streams, and given end users new technology and budget options, there are inherent risks that require informed decision-making.
The MSPAlliance, an association of cloud and managed services providers, has issued guidelines to help organizations decide where to store their data and determine who may access it. The guidelines are based on the MSPAlliance's Unified Certification Standard for Cloud & Managed Service Providers, its Code of Ethics and Conduct and its Consumer Bill of Rights.
The suggestions include:
- Communicating to businesses about where their data are located;
- Disclosing to customers of any third parties who may have meaningful access to that data;
- Establishing controls that govern how third-party service providers should handle sensitive customer data;
- Controlling how service providers deal with both public and private cloud environments;
- Imposing transparency requirements for service providers when communicating with customers and prospects about sensitive data; and
- Instituting ethical, financial and security controls governing how service providers handle customer data.
“The MSPAlliance guidelines are very important for businesses if they want to know how to protect their data in the cloud," said Michael Corey, CEO of Ntirety and an MSPAlliance advisory board member. “If you leave your house and want to protect what’s inside you use a lock. Business data should be no different."
The MSPAlliance will dive deeper into the guidelines via a white paper slated for availability this summer.