How do you know if a cloud service is secure enough to handle your data? That’s a question that the National Cyber Security Centres poses on behalf of public sector and enterprise buyers of cloud services. It has formulated a set of 14 Cloud Security Principles that it recommends are used when weighing up the pros and cons of suppliers.
When SaaS provider Exostar was looking for a cloud provider to help its solutions meet the standard required by UK Government, these principles helped it evaluate the security of potential service providers.
Exostar is a leader in identity access management and secure enterprise cloud solutions that mitigate risk and improve collaboration, information sharing, and supply chain management. When one of its customers in the UK needed a shared cloud environment that would meet UK Official Sensitive classification for a procurement solution, the Principles became an important checklist.
The team had to understand and account for the implications of all of these principles, which include: Data in Transit Protection; Asset Protection and Resilience; Separation between Consumers’ Governance Framework; Operational Security; Personnel Security; Secure Development; Supply Chain Security; Secure Consumer Management; Identity and Authentication; External Interface Protection; Secure Service Administration; Audit Information Provision to Consumers; and Secure Use of the Service by the Consumer.
Girish Maheswar, Senior Product Manager, eSourcing for Exostar, says, “With iomart’s partnership, we were able to put together an infrastructure model in place within the UK, which enables Exostar to provide our various solutions and meet UK Government regulatory compliance, while maintaining our value and competitive advantage.”
Colin Love, Head of Public Sector for iomart, says, “Security and adherence to best cloud practice is front of mind for all of us who do business directly with government or any organisation that needs assurance around data protection. Whoever you do business with has to trust that you share the same high standards.”
The success of the project has allowed Exostar to expand its footprint. It can now offer a lean SaaS model for enterprise customers within the UK, for whom compliance with UK Official Sensitive classification, security and risk management are important for their supply chain collaboration.
Read the full case study with Exostar here.