When selecting a reliable, trusted PCI DSS cloud-hosting provider it is critical to understand and investigate the seven main areas outlined below so you can partner with confidence.
Doing your research and understanding your options, the potential hidden costs, depth of security available and level of customer service provided allows you to select a cloud-hosting provider for the long-term. You can focus on growing your business knowing you’re up to PCI DSS standards and your data, as well as your client’s personal information, is protected.
1. What does it cost?
Pricing is based on your company’s specific needs and it’s important to note that a fixed shelf price means nothing has been tailored to the needs of your company. Often companies tend to focus a lot on the tangible services that are needed, such as infrastructure. Recognizing that more PCI DSS intangible services such as operations, support, communication and staying up to date with the latest hacks and threats to your business are often not considered. Ensure you spend some extra time calculating the total cost of services, including any responsibilities that will fall on your internal team members.
2. How do you get started?
Many service providers offer migration services and assistance in the assessment and planning phase, as well as skilled technical staff that can fill skills gaps in your migration teams. Make sure you have a good understanding of the offered support and decide who will do what. A responsibility matrix provided by the PCI DSS cloud-hosting company can be a great starting point.
3. What customer support options are included?
The last thing you want when your business is under attack is to wait on hold for a customer service agent. Look for a supplier that can offer you more personalized support with a direct contact ready to handle discussions, planning and project management throughout your partnership.
4. How much do you have to do?
The service levels amongst PCI DSS cloud-hosting providers can be vastly different. You should ask potential cloud providers how much support you will get, both in terms of setup and ongoing support. Variance in pricing quotes is often to the level service provided, and thus received by you the client; some cloud alternatives might seem cheap and that’s usually because you have to do a lot of the work yourself.
5. How secure is it?
Security is really the number one priority when selecting a PCI DSS cloud-hosting provider. Look for certifications and providers that comply with security standards and frameworks such as ISO 27001. They should be able to demonstrate easily that they follow best practices in security and are continuously upgrading with the latest technologies and methods.
6. Where is your data stored?
With laws and regulations like CLOUD Act and GDPR, integrity has been put in the spotlight in a big way. You should ask potential cloud-hosting providers where their infrastructure is located, if the data ever leaves the country, if they have ever had any breaches in security and to what measures etc.
7. What if your business grows?
As your business grows, so will your cloud storage needs. That’s why it’s good to choose a scalable solution partner. Find out the cloud-hosting provider’s storage capacity and how much it costs to upgrade, this will save you surprises in the future!