Vendor Lock-Out

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> All right, We've talked about
00:00
vendor lock-in now we're going to look at
00:00
the opposite vendor lock-out when you're
00:00
unable to access your data in a Cloud provider.
00:00
Now this is somewhat remote risks,
00:00
but still should be considered
00:00
when getting a Cloud vendor.
00:00
The learning objectives are to identify
00:00
the common issues that result in vendor lock-out.
00:00
Just got the primary methods for
00:00
avoiding vendor lock-out and
00:00
talk about how to prioritize
00:00
those risks to avoid vendor lock-out.
00:00
There are two main things
00:00
that cause vendor lock-out, and as we said,
00:00
vendor lock-out is the inability
00:00
>> of a customer to access
00:00
>> their data that's stored or hosted at a Cloud provider.
00:00
This circumstance unfortunately sometimes happens
00:00
when a Cloud provider isn't all that mature
00:00
and runs out of money or is not able to pay
00:00
the costs associated with the utilities
00:00
of maintaining their datacenter.
00:00
They go out of business.
00:00
This caused a huge problem for the customers
00:00
because they can't access the data.
00:00
The lights aren't on in the datacenter.
00:00
There's no internet connection.
00:00
They can't get their data out of
00:00
the vendor and they can't get in
00:00
to access it in the first place.
00:00
Now, you could potentially
00:00
address this risk by really doing
00:00
better due diligence on any vendor you
00:00
use if the price seems too good to be true,
00:00
or if the vendor doesn't
00:00
necessarily have a lot of clients
00:00
or they're really unwilling to really
00:00
>> discuss any other.
00:00
>> They're not really transparent about their controls,
00:00
their finances, things like that.
00:00
This can be hard, especially with small companies,
00:00
and this is the case when
00:00
a very fledgling company
00:00
or a Cloud provider that's cheaper,
00:00
just starting to get going happens.
00:00
This can happen with other Cloud services as well.
00:00
I've encountered number of
00:00
venture-backed companies that have lots of customers.
00:00
They appear to be growing.
00:00
But the financial review does not look good.
00:00
They are just burning through money,
00:00
attempting to build out their service
00:00
and reach profitability.
00:00
This really creates the potential risk
00:00
of vendor or lock-out in
00:00
the future if you're not
00:00
thinking of potential strategies to address this.
00:00
Another risk related to
00:00
vendor lock-out is a legislative environment.
00:00
Vendors and these service providers,
00:00
they need to maintain appropriate controls to meet
00:00
their compliance and regulatory obligations.
00:00
In some cases, if they fail,
00:00
they may be fined or
00:00
potentially shut down temporarily
00:00
to address those things,
00:00
and that can result in at least
00:00
a temporary vendor lock-out.
00:00
Again, that's very rare,
00:00
but it's still a possibility,
00:00
so you should do your due diligence on the vendor,
00:00
their compliance obligations, any third party
00:00
reports that validate that they have
00:00
effective controls in place.
00:00
Then you should also check up
00:00
>> on the financial health of
00:00
>> vendor before using their Cloud services.
00:00
Lets work out a few things.
00:00
How should your cloud vendor review process
00:00
address the risks of vendor lock-out?
00:00
Simply, you should have
00:00
some type of financial review to ensure that
00:00
this vendor is in
00:00
stable physical condition and
00:00
will not be going out of business,
00:00
preventing you from getting to your data.
00:00
Also, if you were responsible for mitigating
00:00
the risk of vendor lock-out, how would you do it?
00:00
Well, many companies, they're tempted to use
00:00
less mature Cloud providers
00:00
are typically smaller businesses
00:00
where they're trying to move to
00:00
the Cloud in an economical fashion.
00:00
If you don't necessarily have
00:00
that much data going into the Cloud,
00:00
having on-premise backup solution to
00:00
address this lock-out issue
00:00
may be a good way of doing it.
00:00
Although I think it's better to go with
00:00
a more mature Cloud provider
00:00
that devoid of which there's very little if any,
00:00
risk of being locked out.
00:00
All right, in this module we talked about
00:00
the main factor associated
00:00
with the risk of vendor lock-out.
00:00
Some of the common methods for adjusting
00:00
factors to prevent vendor lock-out,
00:00
to just financial due diligence and
00:00
>> third party auditing
00:00
>> reports to ensure that vendors are
00:00
meeting their compliance obligations.
00:00
All right. I'll see you in the next lesson.
Up Next