choong pw

Given the current situation, COVID-19 has generally changed the way we work. Most companies including the one I am currently working with are opting if not considering starting shifting to remote work.

As I started my career mostly from the traditional tech company. Most of the infra is self-hosted and install on-prem services. Generally, there is this uncertainty where they don’t trust the data at the cloud. Now, is that true?

Let me debunk this myth once and for all. The answer is “YES” if the company you’re working with is trustable. And also, it saves you so much headache managing the infra for a small Opex price.

Hear me out…

This is not something new in the industry too. Generally, a company can request a vendor security questionnaire. It typically covers a different kind of area of how the company operates, manages data privacy, disaster recovery, and many more.

With this acting at a medium of trust. It helps speed up development, by leveraging other tools or services without jeopardizing the security of their product.

Here is a list of commonly used questionnaires used which I am aware of. Some have actually work on too.

1. National Institute of Standards and Technology (NIST)
2. Vendor Security Assessment Questionnaire (VSAQ)
3. Consensus Assessment Initiative Questionnaire (CAIQ)
4. Center of Internet Security (CIS)
4. General Data Protection Regulation (GDPR)
5. Payment Card Industry (PCI)

The company evaluates other companies based on the score that satisfies the security standard of the vendor they chose. This may be a make or break in terms of converting sales.

I hope this helps clarify why all this standardization help promotes the move to the cloud.

Feel free to use the VSAQ I hosted on my site. For the things I am working on, I will try to adhere to those standards needed moving forward with adequate response to help answer the security-related question. Try to look for the QMIS we have been working on to see our VSAQ response.

Cheers!