Are Third-Party Assessments of Cloud Providers Important?
With new privacy laws being passed, like PIPEDA, California’s AB 375 or the GDPR, you need to know where, why and how your data is being stored in the cloud. This is why third-party assessments of cloud service providers are important. Without them, you are putting a lot of trust in a cloud service provider’s privacy claims.
Among other things, a third-party assessor can provide an unbiased report card on how reliable and up-to-date a cloud service is. This helps flag potential compliance issues or spotty compliance records. Based on their report, a third-party assessor can also recommend whether it is wise to move forward with the provider in question.
Since staying afloat on a sea of ever-changing privacy rules and regulations, like PIPEDA, can be difficult in-house, third-party assessments can help take some of the pressure off. Third-party assessors are up to date on the latest certification programs and are trained to scrutinize any security claims a cloud service provider might be making.
What are SOC reports?
A ‘Service Organization Control (SOC)’ report is the type of report card many third-party assessors use. For cloud service providers, this type of report is a ‘SOC 2’ report, and it offers a particularly rigorous assessment of a cloud provider and its effectiveness for its clients. Objective findings about the cloud provider, like whether it applies encryption to data, provide a three-dimensional view of whether the provider is equipped to protect the data of its clients.