Cloud communications are all the rage in the corporate arena. In the United States alone, businesses are looking to spend $13 billion on it – and for good reason.
For starters, a cloud-based communication platform helps save money by giving businesses unparalleled mobility, reduced downtime, and the ability so scale up or down. All without the infrastructure costs and steep capital expenses.
And let’s not forget:
The cloud also increases an organization’s efficiency manifold.
Having a robust communication platform in the cloud means your team can collaborate real-time and stay productive. Access is never a problem as long as an internet connection exists.
And last but not the least, your IT staff can focus on things that matter – such as advancing the company’s digital agenda.
But as with anything, cloud communications have associated risks. And if you want to minimize those risks, you need to ask a provider the 5 important questions below.
The answers you get will help you decide whether partnering with a certain provider is worth it.
Are All Data Transmissions Encrypted?
Reliable cloud communications and service providers are transparent about the data encryption algorithms they use.
Advanced Encryption Standard (AES) – with 128, 192, and 256-bit formats – is a popular method among well-known cloud providers. But other standards exist like the Triple DES, the asymmetric RSA, and Blowfish which many claim hackers have never defeated!
You want to ensure that the cloud communications provider encrypts data transmissions. Otherwise, your business and its sensitive data could come under attack.
A call made through the cloud is just as vulnerable as a web application data. Without encryption, both are suspect to man-in-the-middle attacks, eavesdropping, and even malware injections.
But while having a strong encryption protocol is essential, encrypting all data transmissions – including those outside the company perimeter – is just as important.
“Security is only as strong as the weakest link,” says Paul Hill of SystemExperts. “It is less common for service providers to encrypt intra-server communications within the companies own perimeter.”
“Too often attackers are able to exploit this type of weakness once a single breach in the perimeter has occurred,” Hill adds.
What Proof Does The Provider Have To Validate Their Security?
A cloud communications provider may brag about having the most secure service. But do they have proof?
A reliable provider should have proof showing that their cloud infrastructure and systems have been audited, ensuring that their service meets the industry’s security standards.
Ask for a Service Organization Control report. These internal control reports provide valuable information users need to objectively assess and address the security risks associated with an outsourced service.
Now, many types of SOC reports exist.
The SOC2 report, for example, gives an in-depth review of the cloud environment and gauges the service provider’s controls against the Trust Services Principles. Note, however, that a SOC2 report is only given under a non-disclosure agreement.
And then there’s the SOC3 report, which is also based on the Trust Services Principles like the SOC2. The report contains comprehensive information about a cloud communications provider’s internal controls for security, processing, confidentiality, and service availability.
The SOC3 is more streamlined than the SOC2, and the report can be given without a non-disclosure agreement.
Does The Cloud Communications Provider Have An Audit Trail And Report They Can Share?
Working with a cloud service provider requires a lot of trusts. You have to trust their security measures and best practices.
But the provider also has to trust you enough to lift the hood and give you an audit trail and report.
When users know there is an audit trail, they will act with greater potential to detail, says Bernard Sanders, CTO of CloudBolt Software. “Having an audit trail is also helpful for troubleshooting purposes and root cause analysis.”
You want to work with a service that takes security seriously, one that will go beyond the data center’s audit report.
Go for a cloud communications provider whose audit reports are put together by a recognized third-party. Note, too, that operations are a key part of the service.
So the report should cover internal controls – not just the data center or hosting cloud service.
Does The Provider Have A Team Working Actively ‘Round The Clock?
A break-fix approach may work home offices or small startups.
Is the printer not jammed? Call a technician.
Won’t your laptop power up? Take it to the service station.
But a cloud communications provider has to go beyond the break-fix approach. After all, they handle the communication systems of other businesses.
And even the shortest of downtimes can lead to clients losing profits and productivity.
A smaller cloud and managed IT services provider may have certified experts and system administrators to address technical and security issues on the fly. And you don’t want that as a customer.
Instead, go for a provider with a skilled and certified team of administrators that actively look for weaknesses in the platform.
Before signing up, get customer references and speak to them. And if you can, you should also speak to the staff to get a better “feel” for their experience, knowledge, and approach to security and technical problems.
Are Their Communication Services Interoperable?
Your business uses existing apps and applications. And overhauling everything just to accommodate a cloud communication platform is the last thing you want to do.
Choose cloud-based communication applications that can seamlessly work with current processes and tools. Otherwise, your day-to-day workflow will suffer from productivity losses and technical issues.
Along with interoperability, you want a cloud communication platform that’s easy to use via mobile. Mobile-friendliness is especially important if you have employees doing fieldwork.
On-the-go employees may have to work early from home, meet a client at a remote location, or wait for a flight. Whichever the case, you want to a cloud communications application that they can easily use on a mobile device.
When assessing an application’s user- and mobile-friendliness, pay particular attention to the user interface. Is it consistent? Does it provide easy access to directories and vital information regardless of the device?