Choosing the Right Cloud Provider: The Importance of Security Assessments

Organizations continuously implement various technologies to improve their information security level, but how can businesses decide which solution is right for them to purchase and use? Choosing poorly can have devastating consequences, as the wrong service can generate more security risks than it is supposed to solve.

It’s easy to point the finger at buyers for poor choices and faulty purchases, while in reality, it’s not necessarily their fault. They often choose the wrong solution due to exaggerated promises, misleading descriptions and unfounded claims made by some service providers in the industry. The security market is extremely competitive by today’s standards and as a result, service providers constantly try to one-up each other, often at the expense of their customers, who can end up feeling rather confused and dissatisfied.

While most providers claim to have data confidentiality as a top priority, their security descriptions and privacy policies are often light on specifics. Very few providers offer solid evidence of data security, making organizations rely solely on trust in the provider’s claims. That’s where a security assessment comes in: an objective third party can help to reduce customers’ dependence on trust in the service.

This is a highly demanding process in which the entire product is thoroughly examined and evaluated against all the technological security claims the provider has made. In practice, many providers back down from such assessments, as they could expose potential security flaws.

What Makes a Good Assessment?

Security assessments mainly consist of three sections:

  • Penetration tests measuring how secure the technology is and how difficult it makes it for external malicious parties to gain a foothold
  • Source code review looking into the core of the technology to see if it truly operates as it is meant to without generating unnecessary risks
  • Market edge & key differentiator review evaluating the most praised features of the service provider and validating their claims with solid evidence

What’s the Take-Away From All This?

Information and data security is one of those things that is rather easy to talk about, but extremely difficult to prove and validate. Providers who undergo a thorough security assessment by an independent third party demonstrate their commitment to data security and can offer solid evidence that they actually do what they claim to. Therefore, businesses should opt for providers who have this evidence; otherwise, they would have to rely solely on trusting the provider’s claims.

Tresorit, the end-to-end encrypted file sync and sharing solution, recently underwent an independent security assessment to provide its customers with a true feeling of security. If you wish to read the Evaluation Summary of Tresorit’s Security Architecture, you can download it here.
