In a time when everyone seems to be attempting to understand the promise of digital transformation, many organizations are migrating their infrastructure to the cloud.
Nevertheless it’s necessary to keep in mind that not all clouds are created equal. One cloud could also be designed utilizing finest practices for safety, however one other would possibly minimize corners, putting your delicate knowledge in danger.
There’s additionally the difficulty of scale. A corporation would possibly begin through the use of only one cloud supplier, however quickly discover itself utilizing dozens—and even a whole bunch—of various suppliers.
Certainly, there are dangers and advantages to cloud knowledge integration and cloud BI suppliers—and it’s essential perceive all of them earlier than transferring to the cloud or selecting a brand new cloud supplier. And a great way to get there may be by asking your self or your potential supplier these questions.
Does the supplier suit your firm’s dimension and safety wants?
Many organizations are topic to a excessive diploma of regulation and are incessantly audited. The cloud supplier should be capable to reveal a confirmed observe file of managing extremely managed and controlled knowledge.
Search for compliance certifications, together with SOC 1, SOC 2, ISO 27001, ISO 27018, HIPAA, HITRUST, GDPR and CCPA.
Compliance additionally contains audits and safety assessments. Domo completes a number of audits and assessments on an ongoing foundation, together with third-party community and system penetration assessments.
The suppliers you have a look at ought to even have a complete audit program in place to assist your group go your individual third-party and regulatory audits.
Can the supplier sustain with change and threat?
Adjustments in cloud software program occur so quickly that by the point your subsequent annual vendor overview comes round the seller could have a whole bunch of latest options. The truth is, some could even have modified their whole know-how stack.
Making certain there are key controls in place to handle this inflow of change is vital. In any other case, the fixed modifications can open your group as much as unknown vulnerabilities.
Organizations ought to require their cloud supplier to inform them of any important modifications to the product. And the contract ought to have a clause that states the supplier could not materially reduce the safety controls through the time period of the contract.
This ensures that whereas there shall be innovation by way of fixed change, the supplier can’t weaken the safety program that you’ve got beforehand reviewed and accredited.
Search for suppliers who’ve a observe file of delivering new product improvements whereas making certain that safety is rarely compromised.
As you overview new options, contemplate the place your knowledge has potential for publicity. With each new characteristic that’s launched, from low-code apps to cloud knowledge warehouse integrations to embedded analytics, Domo bakes in ongoing overview of safety requirements to make sure safety compliance.
Many cloud suppliers, together with Domo, have applied a product council or buyer advisory board to debate upcoming product options and evolving safety insurance policies.
Ask to be a member of the cloud supplier’s product council; this can preserve you updated and supply invaluable suggestions on the cloud supplier’s roadmap.
Many cloud suppliers additionally preserve product replace pages (equivalent to Domo’s New Options web page) to tell their prospects of latest product modifications.
Reviewing these updates ensures you gained’t miss any new options that might allow you to additional improve the safety of your knowledge within the cloud.
What visibility and management is offered?
It’s important that your group continues to have full visibility into how its knowledge is being saved, processed, accessed, and transmitted within the cloud.
Any service settlement with a cloud supplier ought to clearly describe how the group’s knowledge is managed and guarded.
Other than sturdy contractual controls, the group should have close to real-time visibility into how the supplier is managing its knowledge.
A steady monitoring mannequin will assist you to pull all logs into your individual Safety Operations Heart (SOC) to search for anomalies or modifications.
Additionally, search for Accountable Disclosure Packages (like Domo’s) that encourage accountable reporting of potential safety vulnerabilities and collaboration with safety researchers on any points which are recognized.
Along with transparency, management of your knowledge is vital. Any supplier you employ ought to be capable to align to your current knowledge governance fashions.
Search for metadata administration capabilities and methods to make sure knowledge high quality. For instance, Domo gives knowledge lineage instruments that offer you full visibility to the content material and standing of datasets.
Additionally search for knowledge certification capabilities so you’ll be able to set up trusted datasets. Then contemplate what controls you would possibly want in place to share knowledge outdoors your organization with embedded analytics instruments equivalent to Domo In all places.
Can I keep away from turbulence?
Cloud suppliers ought to be capable to provide a much more safe mannequin than legacy, on-premises suppliers.
Some safety options to search for embrace least privilege and separation of duties entry fashions, transport layer encryption and encryption at relaxation, in addition to logs for community, system, and software occasions.
You also needs to search for customer-managed safety features that allow you to keep in command of your knowledge and align together with your current safety necessities.
In Domo, these options embrace SAML-based SSO, multi-factor authentication, IP deal with restrictions, and safety profiles.
Domo additionally gives Carry Your Personal Key (BYOK) encryption that means that you can rotate encryption keys a number of occasions a day.
Conclusion
Ensure you do your due diligence up entrance to pick out the cloud suppliers that may meet and exceed your safety necessities.
In any other case, you might be left with unsophisticated suppliers that may’t adequately defend your knowledge, and your journey to the cloud may very well be a turbulent and expensive one.
To be taught extra about how Domo meets the enterprise safety, compliance, and privateness necessities of organizations in extremely regulated industries, click on right here.
