best practice is always important to take a look at again. You won't find this in a different than own prim defense and death as a cloud service provider. My reputation is on the line, right? My reputation is at stake.
So we think of physical security. We think of hardening the servers. We think of hardening the hyper visor. We think of hardening the operating system.
Uh, if that's something that we offer, we think of all of those elements hardening defence in depth, limiting access control to Onley those that need access. Follow that principle of least privilege. Make sure that we monitor audit our systems, physical securities well as
our technical systems. And we maintain those systems making sure that we do so on schedule.
So when I as a customer, considering the physical infrastructure, we looked, uh, audit or third party insurance, we talked about the up time institute a little bit earlier, evaluating for redundancy, the physical infrastructure. But like always,
legal considerations, we think about compatibility of equipment. We want to avoid vendor lock in
how what are the security controls implemented? Whether the logs. So you know, again, I'm not just gonna read everything you have here but again Want to reemphasize? Yes, it is the cloud service providers responsibility to provide us with the stroller secure infrastructure.
But it's our problem if they don't
compliance and regulations are always gonna be, ah, huge driver outsourcing. You know,
sometimes I'll hire a vendor who hires a vendor who hires a vendor, right? A contractor hires a subcontractor who hires a sub. So you know, our definition of an internal employee is really shifting right, because now we've got to consider cloud service providers and their employees.
And what about their vendors and their vendors?
Again, Considerations, making sure that the security configuration is handled properly is evaluated while still making sure that we have the ability to access the data we need. That's what it's all about.