Some days ago, a column titled 'Trust in Cloud' was published at Cinco Días [Spanish]. In this column, it is highlighted something we completely agree on: "Cloud service and provider selection is an strategic option that impacts on companies' business".
For this reason, the author suggests considering the following aspects before taking the decission:
- security and certification levels as, for example, ISO 27.001
- service maturity level
- financial estability
- physical location, and
Between all of them, a half (availability, security, financial estability and compliance) are elements included in leet security rating and the rest, except physical location, are operational aspects (connectivity, performance and service maturity) that, obviously, have to be considered by the potential cloud customer.
For this reason, we consider that using rating is a tool that simplifies the use of cloud services due to, besides, it allows identify different levels (five) in maturity and robustness of controls and the resilience mechanisms implemented by the provider.
You can follow us on twitter.com/leet_security