Without compromising our ability to remain unbiased, we offer cloud solutions that we feel are best in class and represent demonstrable value to our customers. These services should be considered among the many tools at your disposal in the never ending challenge of defending your business.
People often think of “the cloud” as this ubiquitous concept where they can move everything over to and will be able to securely access it from anywhere at any time with no issues. Salespeople often tout how “cheap” the cloud is compared to building your own infrastructure and support model. While there may be truth in those statements, the whole statement is definitively not true in all cases.
The cloud is actually a collection of independent, autonomous infrastructures linked together by the Internet and provides everything from computing resources to very specific application or integration capabilities such as CRM, Voice over IP, transaction processing, APIs and the like. There is no standard definition of a cloud outside of NIST which defines a cloud service as:
- On-demand self service capabilities (you can directly control what happens in your cloud)
- Broad network access (connected to the Internet or a Wide Area Network)
- Resource pooling (multi-tenancy)
- Rapid elasticity (ability to scale up/down based on demand)
- Measured service (resource monitoring, control and reporting)
This means that whether a cloud service such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) is deployed as public, private, community or hybrid, the service itself can have wildly varying degrees of security, performance and functional capabilities.
Often cloud based companies tout their security and cite a SSAE-16 or other standard that is actually not that indicative of the provider’s actual security process maturity.
Parsolvo helps customers sort out fact from fiction using an evidence based trust model to identify potential security vulnerabilities in cloud services and design appropriate risk mitigation techniques to ensure the vulnerabilities do not create a looming liability.