Vetting a Cloud-Based SaaS Vendor (ghostwritten blog post)
Vetting a Cloud-Based SaaS Vendor [Cheat Sheet]
A quick Google search for “top cloud-based SaaS vendors” nets over 14 million results—there’s certainly no shortage of them. Finding a good vendor in that haystack can be daunting and scary, especially with so much on the line, but a CIO who knows the right questions to ask beyond “How’s your security?” will be able to weed out the bad ones quickly.
Below are the categories that CIOs should focus on when vetting a cloud-based vendor. To get all the questions for these categories, download Mediafly’s cheat sheet to help guide you.
Business Viability Questions
These questions get at the competency of a company and ensure you’re not dealing with people working out of their garage. It’s important to confirm that any potential partner of yours will not only continue to exist, but also protect you against any loss of data.
The Million Terabyte Question
Once you feel confident the SaaS vendor is a viable candidate, it’s time to talk security. The first security-related question any CIO should ask a potential Cloud SaaS partner is:
Have You Been Hacked?
If the answer is yes, you’ll want to understand how they managed the incident. If an audit has been conducted, you’re within your rights to ask for a copy of it. If the audit results don’t reveal any other customers’ secrets, and the results are owned by the vendor, they should not have a problem delivering a copy to you. Look at the results of the audit, the scope of what was investigated, what the hackers were able to access versus not access, what was ruled as the cause of the breach, and verify that a follow-up audit was conducted to validate that the issues found were fixed.
If the answer is no, find out if the vendor has thought through worst-case scenarios. Their answers indicate whether automatic detection triggers are in place, and they show how much importance the vendor places on security-driven capabilities.
Network Security Policy Questions
Yes, security is important, but how important is it to your line of business? The answer will vary by vertical. If you’re in a high-risk industry such as finance or media and entertainment, you’ll need a deeper understanding of a vendor’s security policies.
These questions will help shed light on the vendor’s technical and human processes and everything network related. They also cover the bases on external threats and the scope of a vendor’s content access, and they allow you to understand if the vendor uses a data center or an application within the data center. If your company deals with valuable content, you’ll want to conduct your own audit of the vendor’s network and operations to confirm it’s as impenetrable as you need it to be.
Product Roadmap Questions
I encourage you to cover specifically how the product will be implemented during the RFP process. Uncovering the answers to these questions before you hire a vendor lets you see what the vendor is building and where they’re headed. The responses will point out future use cases and problems they may solve. Finally, you’ll be able to identify any patterns between what the vendor is doing internally or what challenges they are looking to address and how all of that fits with your company’s future.
There are plenty of other questions to ask a potential SaaS vendor, but starting with these categories will allow you to separate the proverbial wheat from the chaff.
For a little more guidance, download our SaaS Vendor cheat sheet below with questions you can check off as you go along.