Cloud SCP

What principles should we follow when choosing a Cloud SCP service provider?

One of the problems we face when dealing with a migration to a new provider is that we have to Cloud SCP services is: Who should I choose? What parameters should I measure? What do I weight most? These are good questions to ask yourself to avoid making a mistake, so I'm going to try to answer the big question: Who do I trust?


Cloud SCP


A cloud service provider, or CSP, is a company that offers some component of cloud computing. Generally, when you search the Internet, a cloud service is defined as infrastructure as a service (IaaS), software as a service (SaaS) or platform as a service (PaaS) for other companies or individuals. The best known CSPs are Microsoft Azure, AWS and Google Cloud, but there are a multitude of service providers on the cloud. 

Principles selection criteria for a Cloud SCP service provider

  • Supplier reputation: 

Like everything else in the business world, the reputational factor is something to be taken into account, as it is earned through the trust of other clients who earn or lose this reputation. In the case of PCS, reputation is usually earned through the services provided by the different services, the cost of the service, the security and the quality of the services.

  • SLA verification/service level agreement:

Another option is to verify or obtain a service level agreement (SLA) that is sufficiently satisfactory for your company's needs that you can feel comfortable with the decision you have made, knowing that the level of service you will receive will be in accordance with the internal quality standard you wish to obtain.

  • Policies:

Policies, being a compendium of parameters, we can say that the policy-based relationship requires a formal trust between provider and customer. A Public Key Infrastructure (PKI) between the two can be created and used, strengthening the policies. This certificate is recommended to be issued by a certificate authority (CA) as it will regulate the validity, retention and delivery of the certificate.

  • Supplier use cases:

Trust based on evidence, very useful if what we want is to verify that everything they tell us is true, presenting the results of the tests carried out so that we have evidence of what we have contracted. Of all the types of trust in public clouds, this is the most difficult to obtain, as they will normally refer us to an independent report of their facilities.

  • Corporate confidence:

Finally, corporate trust, where I, as a customer, have to trust the service provider to provide me with everything I have contracted for, with the stipulated level of quality and with the required level of security to preserve my data, services and commitments to my customers. 

Assessing these five phases will help us to make an important decision in our company when migrating to an IT environment. Public cloud.

José María Pulgar

José María Pulgar

CISO & Cybersecurity Tech leader at Bosonit

You may be interested in

Take the leap

Contact us.