Just as with physical storage, cloud service providers are used to store sensitive data. This can be anything from credit card information to personal information such as social security numbers. There are three key cloud services: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Storing sensitive data will inevitably require a cloud service provider to have a specific audit performed by a third-party entity, such as A-LIGN, due to legal, regulatory and/or contractual obligations. It is important for cloud service providers to understand their obligations first when selecting an audit.
Choosing the right audit as a cloud service provider
Here are some of the audits that, with careful selection, can meet cloud service provider needs and attract additional customers by demonstrating compliance with internationally accepted security standards and controls:
- ISO 27001 Certification
- FISMA Security Assessment
- SOC Reporting (SSAE 16 & SOC 2)
- PCI DSS
It is important for cloud service providers to select the appropriate assessment in order to address the governance affecting cloud computing. Benefits of such assessments include meeting the legal, regulatory and contractual obligations between the cloud service provider and customer(s).