Certified Safe and Secure
Cloud computing has had a dramatic impact. It has made sophisticated technology solutions more accessible to organizations of all sizes and enabled many businesses to speed their innovation process. However, security, lack of open standards to prevent platform/vendor lock-in and loosely defined service level agreements has led to a growing number of companies implementing their own private cloud infrastructure.
Cloud platform providers are attempting to soothe these concerns by participating in cloud standards initiatives like OpenStack and CloudStack and obtaining certifications. Vendors from Google (Google Apps and App Engine) to Microsoft (Office 365) and now Acquia have subjected themselves to security certifications from third-party organizations. However, security still tops the list of concerns for IT leaders considering cloud adoption, although the level of concern has decreased over the last few years.
SSAE 16 assesses controls and procedures related to:
Learning Opportunities
Webinar
Feb
7
CX Orchestration: The Next Level for Your VOC Program
See how real-time responses to customer feedback maximize CSAT!
Webinar
Feb
14
Want to Future-Proof Your Digital Experiences? Use AI and Headless Search
Join us for an exciting hour-long conversation featuring Juanita Olguin, Sr. Director of Marketing at Coveo
Webinar
Feb
22
How Microservices, API-first, Cloud and Headless Fit Into a Modern eCommerce Architecture
Learn how the components of a MACH architecture fit into a modern ecommerce platform
Webinar
Feb
23
Why Machine Learning is a Marketer’s New Superpower
Looking for the cheat codes to turn massive amounts of customer data into meaningful insights?
Conference
May
10
CMSWire CONNECT 2023
Don't miss the most impactful customer experience conference of they year — live in Austin, Texas May 10-12, 2023.
Conference
May
10
Reworked CONNECT 2023
Don't miss the most impactful employee experience conference of they year — live in Austin, Texas May 10-12, 2023.
Webinar
Feb
7
CX Orchestration: The Next Level for Your VOC Program
See how real-time responses to customer feedback maximize CSAT!
Webinar
Feb
14
Want to Future-Proof Your Digital Experiences? Use AI and Headless Search
Join us for an exciting hour-long conversation featuring Juanita Olguin, Sr. Director of Marketing at Coveo
- Customer Support
- Data Backup
- Database Security
- Maintenance and Change Management
- Network and Systems Availability and Monitoring
- Network Security
- Operating System Security
Proponents suggest it validates the effectiveness of operational controls. However, looking more closely, the certification allows the management of the company being reviewed to assert their controls are effective. If the controls are inadequate, but management attests (either intentionally or unintentionally) to their effectiveness -- the company can claim it has been SSAE 16 audited. Unless a buyer looked at the details from the audit report, they would never have a true understanding of the quality of the company’s processes and controls. Similar problems exist in other popular certification processes.
What’s Next
Ultimately, the actual standards for security, service levels and other operational aspects of cloud computing must be established. This is the only way the businesses that consume cloud services will have a clear perspective of what they are getting without undertaking months and months of effort per vendor for every RFP. Standards like SSAE 16 are a good start, but they are far from enough.