As the demand for cloud services grows among businesses, educators, and governments, one question keeps us up at night: can we trust the cloud services that our organization depends on? At NUITEQ, we use cloud services to deliver exceptional services to customers, partners, and end-users. Trust is a broad term that we break down into 3 categories: privacy, security, and reliability (PSR for short). PSR makes it easy to quickly evaluate the trustworthiness of any cloud service provider.
Privacy tells us what Personally Identifiable Information (PII) is collected. Security tells us how PII is secured, and reliability tells us how quickly the Cloud service can recover from an outage. Knowing the PSR for each cloud service we depend on brings peace of mind to our developers and customers. See what PSR means to us below.
NUITEQ's Common Sense Privacy Video
Privacy
Privacy is the foundation of trust. The more PII stored on a cloud service provider the greater the risk if there is a security or reliability incident. Your PII is like your identity on the Internet: it can store your history of past actions and your interests. This can be used to influence your decisions so it is important to safeguard your PII.
Privacy starts by asking your cloud provider: How is PII collected, used, and transferred?
NUITEQ's Common Sense Privacy Certification
The answer can be found in external privacy certifications. These are companies that evaluate the privacy policies of the cloud service provider. When NUITEQ’s privacy policy was evaluated by the Common Sense Privacy and the Education Framework Certification the evaluators paid close attention to policies related to PII collection, monitoring, correction, and removal.
You can also look into a company's privacy portal that often include terms of service, privacy policies, cookie policies, and transfer impact assessments to see what data is collected, and where it gets transferred.
The transfer of data is particularly important to organizations in the European Union (EU) as the General Data Protection Regulation (GDPR) requires that any transfers of PII to countries outside of the EU require explicit consent and a contract with the data processor to protect PII from access from others.
Security
Security begins with the safe practices of developers and system administrators in your cloud service. A trustworthy cloud service will have established procedures for access control, and security practices in the development of the cloud service. These are part of the Development Operations (DevOps) that we will expand upon in the reliability section.
If you see a lock on the left besides the address bar of your web browser this indicates that data shared between your device and the cloud service is encrypted. Encryption is a way of scrambling data so that only those authorized can understand the information. Check that data stored in the cloud is encrypted so that hackers do not gain plain-text access to your PII in a data security breach.
An easy way to evaluate the security of your cloud service is to look for external security certifications such as the International Standards Organization or ISO 27001 Information Security certification. As NUITEQ pursues ISO 27001 certification, external auditors will evaluate our policies and procedures for secure access, monitoring PII, and secure data backup. These data backup procedures will also reduce risk in the event of any security or reliability incident.
Reliability
Reliability requires a healthy dose of skepticism through a process known as Zero-Trust in DevOps. In addition to preventing outages it also reduces the time it takes for a cloud service to be operational after a reliability issue is discovered. For many cloud services including those offered by NUITEQ, this is done through automation.
Automated monitoring reduces the time it takes to discover if a system that the cloud service depends on has stopped working. Monitoring can also reduce the scale of security of reliability incidents by looking for and blocking bulk uploads and downloads that would harm the cloud service for others.
Automated testing reduces the time it takes to discover bugs in software since a computer can run hundreds of tests to verify that the cloud service is working as expected. NUITEQ is proud to have Software Quality Assurance Engineers such as Sana Ismail establish industry-leading practices in automated testing. Code that is automatically tested when it is submitted is often called Continuous Integration (CI) in DevOps.
Automated delivery reduces the time it takes to release fixes or features to the cloud service. By automatically delivering small incremental iterations to a staging environment, developers can more quickly identify and resolve problems related to that iteration.
For more information, visit www.nuiteq.com