- Scalability and power
For this factor, outsource cloud service can giving more both computing power and scalability. However, sometimes the organization may have enough capability to function their task, having cloud in-house is still your choice.
- Confidential/Sensitive data
An organization must guarantee that all of their sensitive/confidential data will not be sent to external. The organization must filter out all the sensitive/confidential data before sending it out. In contrast, using in-house resource, the organization may not need to perform filtering, but then again need to have an access control to these data.
- Securing data at each state
Data also has it own lifecycle. At each state in their lifecycle, it requires different protection to make it secure. To make it secure means it must provide ‘Confidentiality’, ‘Integrity’ and ‘Availability’. For example, at rest state – it stored in a storage, the data must be encrypted and having an access control, or if it is transferred to somewhere else, during transferring the data must be encrypted and some other network security techniques should be applied. Therefore, make sure that the cloud that you are going used have these capabilities.
As aforementioned about encryption, key management and related process also must be considered.
- Location where your data is stored
If you use in-house resource, you can identify where is your data. Conversely, using outsource you may not know where your data is. It may be located in another country where regulation and legal is different from yours. So, make sure that you will know where your data is while using cloud and prepare for differences of regulation and legal if it stores in another country.
- Physical security
Locating the infrastructure for cloud in secure areas is also important e.g. It should have access control, fire protection system, water leakage detection system and etc.
Moreover, using outsource cloud service can be categorized in three types – Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Each type has different right to control object in the cloud. For example, if you decide to IaaS, it means your responsible is taking care of operating system till data. It can be said This service allows to control the security of OS till data. On the other hand, using SaaS, the security of everything on the stack relies on outsource security control. So, if you would like to have outsource service, you must consider these different types of service.
Another factor that cannot be left is an organization’s ability. This ability means the resources that the organization already had and the budget. However, the ability of each organization is different so this article cannot lead your organization to the point that having SOC in-house or using outsource is better.
Lastly, do not forget to ‘Try before you buy’. After choosing the solution, your organization must proof that it can be practicably integrated to your existed system and functions smoothly before purchasing.
To sum up, there are several factors needs to be considered. Some of them may not be mentioned in this article. There is no one fit all solution for every organization as the goal, environment and resources of each organization is different. Sometimes the best solution of other organization can be the worst of yours. Therefore, carefully consider these factors and give it a try, then you can get the suitable and operable solution of yours.