Video Activity

Vendor Lock-Out

Video Transcript

All right, We've talked about vendor lock-in now we're going to look at the opposite vendor lock-out when you're unable to access your data in a Cloud provider. Now this is somewhat remote risks, but still should be considered when getting a Cloud vendor.

The learning objectives are to identify the common issues that result in vendor lock-out. Just got the primary methods for avoiding vendor lock-out and talk about how to prioritize those risks to avoid vendor lock-out. There are two main things that cause vendor lock-out, and as we said, vendor lock-out is the inability of a customer to access  their data that's stored or hosted at a Cloud provider.

This circumstance unfortunately sometimes happens when a Cloud provider isn't all that mature and runs out of money or is not able to pay the costs associated with the utilities of maintaining their datacenter. They go out of business. This caused a huge problem for the customers because they can't access the data. The lights aren't on in the datacenter. There's no internet connection. They can't get their data out of the vendor and they can't get in to access it in the first place.

Now, you could potentially address this risk by really doing better due diligence on any vendor you use if the price seems too good to be true, or if the vendor doesn't necessarily have a lot of clients or they're really unwilling to really discuss any other.  They're not really transparent about their controls, their finances, things like that. This can be hard, especially with small companies, and this is the case when a very fledgling company or a Cloud provider that's cheaper, just starting to get going happens.

This can happen with other Cloud services as well. I've encountered number of venture-backed companies that have lots of customers. They appear to be growing. But the financial review does not look good. They are just burning through money, attempting to build out their service and reach profitability. This really creates the potential risk of vendor or lock-out in the future if you're not thinking of potential strategies to address this. Another risk related to vendor lock-out is a legislative environment.

Vendors and these service providers, they need to maintain appropriate controls to meet their compliance and regulatory obligations. In some cases, if they fail, they may be fined or potentially shut down temporarily to address those things, and that can result in at least a temporary vendor lock-out. Again, that's very rare, but it's still a possibility, so you should do your due diligence on the vendor, their compliance obligations, any third party reports that validate that they have effective controls in place.

Then you should also check up on the financial health of  vendor before using their Cloud services. Lets work out a few things. How should your cloud vendor review process address the risks of vendor lock-out? Simply, you should have some type of financial review to ensure that this vendor is in stable physical condition and will not be going out of business, preventing you from getting to your data.

Also, if you were responsible for mitigating the risk of vendor lock-out, how would you do it? Well, many companies, they're tempted to use less mature Cloud providers are typically smaller businesses where they're trying to move to the Cloud in an economical fashion. If you don't necessarily have that much data going into the Cloud, having on-premise backup solution to address this lock-out issue may be a good way of doing it. Although I think it's better to go with a more mature Cloud provider that devoid of which there's very little if any, risk of being locked out.

All right, in this module we talked about the main factor associated with the risk of vendor lock-out. Some of the common methods for adjusting factors to prevent vendor lock-out, to just financial due diligence and third party auditing  reports to ensure that vendors are meeting their compliance obligations. All right. I'll see you in the next lesson.

Course link:
CCSP Certification Course & Training

Our CCSP certification course & training will help you develop your skills for a cloud security engineer, architect, or manager role, as you’ll want to take this Certified Cloud Security Professional (CCSP) certification course. Information Security Analyst Graham Wicas will give you the training to understand all six domains of the CCSP exam, including cloud data security and legal compliance.

Instructed by
Graham Wicas

I am an Information Security Analyst, and I hold the following certifications: CISSP, CCSP, CISA, CRISC, and Sec+.