6 Independent Third-Party Sources for Vetting Cloud Security Vendors

A top challenge that CISOs face when managing cybersecurity risks is consolidating an overabundance of vendor point solutions. With many solutions come many security alerts – with security teams only responding to 51% of alerts, that’s not only a cybersecurity concern, but a significant drain on company resources as well. Vetting cloud security vendors is critical for condensing your security solution lineup.

The 2019 Cisco CISO Benchmark Study reported that organizations can increase efficiency by decreasing the number of security vendors on which they rely; this means it may be time to reevaluate your vendor lineup and make some cuts. After all, 63% of organizations with only one to five vendors saw less than 5,000 daily security alerts. 5,000 every day may sound like a lot, but it’s reasonable when you consider that organizations with 10 or more vendors on average see more than 500,000 alerts every day.

The bottom line? Vetting cloud security vendors is a must for every IT and security team. Selectively narrowing down vendors can streamline your workflow and reduce your workload. So how do you choose which vendors are doing their due diligence and offering you the most value? Trust these independent third-party sources when vetting cloud security vendors.

1. Black Book Market Research

Black Book Market Research is widely acknowledged as an industry leader in providing accurate, unbiased healthcare IT research and evaluations. With their independent industry-based benchmark studies, in-depth data analysis, and impartial insights, they offer organizations a resource for identifying quality vendors. When vetting cloud security vendors, health organizations should look to Black Book for guidance.

2. AppExchange

The Salesforce AppExchange store is a reliable source for locating and learning more about thousands of ready-to-install solutions for the Salesforce platform. You can see apps recommended just for you, sort solutions by type, explore industry and product collections, and use the search feature to find the solution you need. Everything listed in the AppExchange has been vetted by Salesforce, reducing risk and ensuring that your organization can be up and running quickly.

AppExchange reviews can’t be altered by companies, and you have access to nearly a million peer reviews. You can gain honest insight into how others in your industry are using vendor solutions to enhance Salesforce.

3. SOC 2

The American Institute of CPAs’ Service Organization Control platform provides impartial assessments that demonstrate how technology-based service organizations meet compliance controls and objectives. Entities that have successfully completed the rigorous SOC 2 Type 2 examination have cloud security solutions that meet Security Trust Services Principles, which are:

• Security
• Availability
• Processing Integrity
• Confidentiality
• Privacy

This certification verifies that a vendor effectively carries out and practices what they advertise. SOC 2 reports offer a transparent look at what you can expect from the vendor and provide peace of mind – if they’re SOC 2 certified, they can be trusted to reliably maintain strict security controls.

4. GLG

GLG (Gerson Lehrman Group) specializes in providing professional insights to organizations in a wide variety of industries. GLG connects highly-experienced professionals with businesspeople who want to solve problems and drive better outcomes. An industry expert can evaluate your vendors, recommend reliable providers in your industry, and offer other solutions that drive success.

5. Net Promoter Score (NPS)

NPS is a source for gauging a business’s customer relationship and loyalty. With an index that ranges from -100 to 100, NPS measures how willing customers are to recommend a company’s products or services to others. The score demonstrates customer satisfaction with a brand as a whole as well as approval (or disproval) of their products or services. NPS utilizes industry-leading benchmarks and peer-based comparisons to provide authentic, unbiased evaluations.

6. Conduct your own vendor assessment

You can rely on third-party sources for vetting cloud security vendors, but some organizations also perform their own assessments. Here are five considerations to keep in mind when evaluating vendors:

1. Compatibility. How does the vendor fit in with your organization’s goals, standards, and resources? Will they provide the technology you need, or will you have to compromise somewhere along the way?
2. Ongoing Support. Does the vendor offer continued support after the initial implementation? Cloud security is always evolving, and you want to make sure you have professional assistance if ever the need arises.
3. Vendor Performance. What do the vendor’s financial stability and performance history look like? Are they a steady business with secure financials? Or is their future uncertain? Explore client reviews and testimonials to determine what others in the industry think about their services.
4. Security. You’re entrusting the privacy and security of your cloud data with this vendor – how do their security measures hold up? Determine how your data will be secured by asking questions, and request documentation of any industry-standard certifications they hold.

Consolidate your cloud security vendors. Increase your cybersecurity efficiency.

Whether you choose to rely on third-party sources or you want to conduct your own assessment, vetting cloud security vendors is critical to boost the effectiveness of your cybersecurity program. Reducing your point solutions allows you to focus on the most significant alerts and address genuine security concerns before they become full-blown problems. Take steps today to begin reflecting on and evaluating your current vendor lineup.