What tips or best practices can you share for monitoring your cloud provider’s security performance on an ongoing basis?
Trust is built on third-party assessments like SOC 2 audits. We validate annually that cloud providers have completed these audits and obtained reports. In the shared security space, particularly with SaaS providers, it's crucial to configure security appropriately. There are solutions like SaaS security posture management (SSPM) that help ensure platforms like ServiceNow and Salesforce are securely configured. While CNAPPs are evolving to include data security posture management, SSPMs are another layer to consider.
Monitoring and relationship management with your cloud provider are key. At a minimum, conduct quarterly due diligence reviews with your providers to ensure expectations are met according to SLAs and other contractual obligations. It's important to consistently monitor critical points of concern and rank them on your risk register. Consistent communication is essential in maintaining a strong relationship with your cloud provider.
The convergence of cloud security platforms is important, as the plethora of acronyms can be overwhelming. Beyond visibility, relationship management is crucial. We view our CSPs as extensions of our tech stack, not just as providers of compute and storage. It's vital to have conversations about risk and business impact with CSPs that are responsive, educated, and able to prioritize our requirements meaningfully. This partnership approach is key to managing the lifecycle of cloud products effectively.