Cloud Managed Service Providers and Cyber Security
As we’ve all seen in recent years, cyber threats are increasing in both size, scope, and impact to business. One of the largest DDoS attacks recently occurred; global providers like SolarWinds and Kaseya were infiltrated by hackers. So, what happens to our cyber security risk when we migrate services to the cloud? Are all service providers equal? The reality of the question is that they are not.
In recent news, Bandwidth was recently affected by a large scale DDoS attack. Bandwidth is the underlying SIP provider for major UCaaS players – and as such, providers across the entire globe were impacted by the DDoS attack on Bandwidth.
As more services migrate to industry leading providers, their target by hackers and bad actors grows each day. What happens if your cloud phone system provider is hit with ransomware or a DDoS attack? As we migrate our business applications that are critical to run our organizations into cloud infrastructure, how do we complete due diligence regarding those providers? What sort of questions should we be asking?
Below are a few questions you should think about when picking a cloud provider:
- DDoS mitigation strategy – In the event that your provider is targeted by DDoS, you will want to know what they have in place to ensure uptime for their customers that rely on them for critical communication, orders, meetings, and the day-to-day operations of organizations across the globe. As an organization, you should also consider how your cloud service providers continue to update their security measures. The DDoS attack of a few years ago vs the most recent ones are vastly different in size. An organization that only planned for the capacity to handle cyber threats of a few years ago would find themselves in a bad situation now.
- Security Profile and Management Strategy – What other steps are they taking to ensure that they have the correct security protocols in place? SOC, HITRUST, ZeroTrust, etc. are all great measurements of cyber risk, but behind the required minimums, what are they doing above that? SolarWinds was ISO certified, but that did not stop the attack by itself.
- Back-up/Disaster Recovery – in the event of a breach, what is the emergency protocol? If all servers were locked up with ransomware, how would your provider re-enable services? What does that look like for them? Having and discussing a documented recovery process is something an organization should definitely consider when evaluating cloud providers.
These are just a few of the questions we should be asking cloud providers before entrusting them with critical business applications. What does downtime mean for your organization – especially when it is part of the infrastructure you are not managing. ChoiceTel can help your organization evaluate and choose a cloud provider that meets all your needs. To speak with a consultant, contact us at email@example.com or call us at 800-815-3320.