Acceleration Economy
  • Home
  • Cloud Wars
  • Analyst Content
    • By Category
      • AI/Hyperautomation
      • Cloud/Cloud Wars
      • Cybersecurity
      • Data
    • By Interest
      • Leadership
      • Office of the CFO
      • Partners Ecosystem
      • Sustainability
    • By Industry
      • Financial Services
      • Healthcare
      • Manufacturing
      • Retail
    • By Type
      • Courses
        • Understanding the New Executive Buying Committee
      • Guidebooks
      • Digital Summits
      • Practitioner Roundtables
    • By Language
      • Español
  • Vendor Shortlists
    • All Vendors
    • AI/Hyperautomation
    • Cloud
    • Cybersecurity
    • Data
  • What we do
    • Advisory Services
    • Marketing Services
    • Event Services
  • Who we are
    • About Us
    • Practitioner Analysts
  • Subscribe
Twitter Instagram
  • Courses
  • Summit NA
  • Dynamics Communities
Twitter LinkedIn
Acceleration Economy
  • Home
  • Cloud Wars
  • Analyst Content
        • By Category
          • AI/Hyperautomation
          • Cloud/Cloud Wars
          • CybersecurityThe practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
          • Data
        • By Interest
          • Leadership
          • Office of the CFO
          • Partners Ecosystem
          • Sustainability
        • By Industry
          • Financial Services
          • Healthcare
          • Manufacturing
          • Retail
        • By Type
          • Courses
            • Understanding the New Executive Buying Committee
          • Guidebooks
          • Digital Summits
          • Practitioner Roundtables
        • By Language
          • Español
  • Vendor Shortlists
    • All Vendors
    • AI/Hyperautomation
    • Cloud
    • Cybersecurity
    • Data
  • What we do
    • Advisory Services
    • Marketing Services
    • Event Services
  • Who we are
    • About Us
    • Practitioner Analysts
  • Subscribe
    • Login / Register
Acceleration Economy
    • Login / Register
Home » How to Fold Cybersecurity Practices Into Cloud Provider Purchasing Decisions
CXO

How to Fold Cybersecurity Practices Into Cloud Provider Purchasing Decisions

Joanna MartinezBy Joanna MartinezMay 9, 2023Updated:May 9, 20234 Mins Read
Facebook Twitter LinkedIn Email
Cybersecurity purchasing
Share
Facebook Twitter LinkedIn Email
AE Leadership

When faced with choosing a supplier among many options, procurement defaults to the request for proposal (RFP). As such, I believe that one of the great values that procurement brings to the buying process is crafting RFP questions. Why? Because when done correctly and collaboratively, the exercise of developing questions forces the business to articulate what it really needs. And given that 79% of all organizations identify security as a top cloud challenge, according to the Flexera 2023 State of the Cloud Report, cybersecurity must be checked when making cloud provider purchasing decisions.

But it’s not always that simple. What if you asked potential cloud service providers (CSPs) about cybersecurity and received responses that look very similar? How would a chief procurement officer (CPO) help the business distinguish among CSPs? This analysis lays out a few approaches.

Ask the Suppliers for Differentiating Data

Ask the suppliers participating in the RFP to differentiate between themselves and their competitors using data, not marketing material. They may describe a point of difference that hasn’t been caught in the RFP.

Evaluate the Finalists’ Responsibility Models for Security

It’s easy for a business to assume that CSPs like AWS, Microsoft Azure, and Google Cloud are responsible for all aspects of cloud security. After all, they spend significant sums on security, much more than any of the clients on their platforms do for themselves. But according to A Cloud Guru, they each employ a different shared responsibility model. For example, AWS is responsible for the security of its cloud and the physical network and data centers that support it, while the customer is responsible for what they put in the cloud in the form of their data and applications. Others like Azure use a matrix where responsibilities change based on the service model used.

This is an important item to lock down, particularly because there will be costs and headcount involved and a potential cloud client needs to accommodate for that expense. Otherwise, the new environment will be more expensive than planned right off the bat.

Insights into the Why & How to Secure SaaS Applications_featured
Guidebook: Secure SaaS Applications

Ensure There is Robust Supplier Relationship Management in Place

If all the major players offer cybersecurity protection models that are acceptable to a potential client, a CPO can look at what happens after implementation that can be incorporated into a robust Supplier Relationship Management (SRM) program.

Once the transition has occurred, being proactive in dealing with potential security breaches can head off the need to be reactive afterward. Every CSP provides ongoing monitoring services (or works with third parties that do); the key is making sure that the services are being employed as agreed. The following items must consistently be on the agendas for quarterly business reviews:

  • Robust access management, because unauthorized access to data is considered one of the biggest risks to cloud security
  • Monitoring for unusual activity and adjusting access privileges where needed
  • Monitoring user lists
  • Scanning and identification of network vulnerabilities
  • Data governance
  • Inventory management: With new applications going up in the cloud instead of in an on-premise environment, it is easy to lose track of everything that is actually running. Something that’s out-of-sight may slip through the cracks and become easy prey for hackers, so it’s important to sunset applications that are no longer used.

Remember the Applications That Already Reside in the Cloud

During the pandemic, some companies may have sacrificed security for speed, in attempting to get as much up in the cloud as possible to facilitate remote working for their employees. Time to go back, inventory, and assess these legacy systems; do they have the right cybersecurity controls in place? And if a new cloud provider has just been chosen, don’t forget to make sure that existing applications belong in the migration plan so they aren’t forgotten.

Final Thoughts

Security is not to be taken lightly in this era of more sophisticated hackers and larger and more complicated attack surfaces. At first glance, cybersecurity models among cloud providers may seem like near carbon copies of each other, but a bit of digging can yield some real differences that should influence the ultimate choice of CSPs and help a company wind up with the security right framework.


Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist
.


Want more tech insights for the top execs? Subscribe to the Leadership channel:

AE Leadership

Amazon apps AWS Azure Cloud Customer Service CXO Cybersecurity data featured Google Cloud leadership Microsoft software
Share. Facebook Twitter LinkedIn Email
Analystuser

Joanna Martinez

Founder
Supply Chain Advisors

Areas of Expertise
  • Chief Procurement Officer
  • Supply Chain
  • Website
  • LinkedIn

Joanna Martinez is an Acceleration Economy Analyst focusing on Procurement and Supply Chain. As the founder of Supply Chain Advisors, LLC, she helps individuals and businesses achieve their transformational goals by better leveraging technology, engaging stakeholders, and improving processes. Joanna has led transformation initiatives for firms in different sectors, from consumer products and pharma to financial and professional services. She is an advisor for two technology startups, a professional services firm, and the School of Engineering at Rutgers University. For the last four years, she has been designated a Top Global Influencer and Thought Leader in multiple categories by Thinkers360 Her book, A Guide to Positive Disruption, draws on her experiences making positive changes at the organizations for which she has worked and provides a framework to follow for those who want to be successful in a business undergoing disruption.

  Contact Joanna Martinez ...

Related Posts

Infrastructure, Software, Applications for Modern CIOs | Sadin on Digital

May 31, 2023

How to Fix the B2B Technology Sales Process

May 31, 2023

How AI Enhances Endpoint Detection and Response (EDR) for Stronger Cybersecurity

May 31, 2023

Why AI Will Transform Every Aspect of Technology

May 31, 2023
Add A Comment

Comments are closed.

Recent Posts
  • Infrastructure, Software, Applications for Modern CIOs | Sadin on Digital
  • How to Fix the B2B Technology Sales Process
  • How AI Enhances Endpoint Detection and Response (EDR) for Stronger Cybersecurity
  • How Generative AI Will Redefine the Patient Experience in Healthcare
  • Why AI Will Transform Every Aspect of Technology

  • 3X a week
  • Analyst Videos, Articles & Playlists
  • Exclusive Digital Business Content
This field is for validation purposes and should be left unchanged.
Most Popular Guidebooks

The Ethical and Workforce Impacts of Generative AI

May 26, 2023

Co-Creation and Growth With Professional Services

May 24, 2023

The Business Impact and Opportunity of Generative AI

May 16, 2023

Healthcare Industry Clouds

May 10, 2023

Advertisement
Acceleration Economy
Twitter LinkedIn
  • Home
  • About Us
  • Privacy Policy
  • Get In Touch
  • Advertising Opportunities
  • Do not sell my information
© 2023 Acceleration Economy.

Type above and press Enter to search. Press Esc to cancel.

  • Login
Forgot Password?

Connect with

Login with Google Login with Windowslive

Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.