The merits of transparency when selecting a cloud vendor
This week the popular network content delivery service provider, Cloudflare, released a detailed postmortem report outlining the specifics of a breach from November 2023. The details can be found here:
https://blog.cloudflare.com/thanksgiving-2023-security-incident/
“The true test of a provider’s merit is how the team responds to incidents and how much detail they provide in their reporting.”
I bring this incident up to commend this level of transparency from a business partner. As I continue to say loudly and often, when it comes to cyber incidents it is not ‘IF’ but ‘WHEN’, as our interconnectedness these days all but guarantees security breaches for organizations of any size. The true test of a provider’s merit is how the team responds to incidents and how much detail they provide in their reporting.
I often advise my clients to consider this factor when selecting a partner, and indeed, proper discovery can provide many insights into how a cloud vendor is likely to behave as a long-term partner. Interestingly, this can sometimes mean selecting the partner with the most breaches! It may seem counterintuitive to do so; however, I posit that in many circumstances fewer breaches could mean fewer disclosed incidents and a lack of transparency and accountability.
“..this proves that the provider is capable of a profound level of cybersecurity detection acuity”
Looking at the blog post in our example, we can see that Cloudflare goes into great detail about the event: its genesis, the attack vector, the magnitude of the incident, and the remediation plan of action. While many startup executives may not have the appetite for the gory details, the report also enlightens us to one important fact: this proves that the provider is capable of a profound level of cybersecurity detection acuity. We now, through our due diligence, have evidence that our potential partner is capable of a certain level of sensitivity and accuracy when an incident does occur.
Even the most experienced technology leaders cannot be everywhere at once. At some point (and very early on for startups) we need to have an element of trust in the cloud providers we select to do business with. By examining how corporations handle security breaches, we can gain meaningful insights into how they will treat us as a partner and what we can expect.
RM