Top 7 questions to ask when doing a POC with a cloud security provider

Welcome to the fourth and final blog post in our series dedicated to helping you find a cloud security provider that matches your cloud security strategy. This series takes you through the journey of identifying, selecting and evaluating your security partners so that you can feel confident in delivering cloud security to your organization.

And now, drum roll please: you are ready to start a POC with a cloud security provider. Kudos for sorting through the options and the fuss to get there – it’s an achievement! Since you’re still in the evaluation phase, you’ll want to continue to do your research and monitor progress to make sure the POC delivers the clarity and value you’re looking for.

Let’s make your time count. With input from our security experts, below is a list of questions to ask regarding POCs. These will help you get the most out of the POC and ensure that, if you choose it, the solution will meet your relevant security threat mitigation needs.

Planning your cloud security POC

1. How long will my POC process take?

Why ask that? Diving into a POC is not yet a full commitment, but it is not “unconditional” either. Ask your supplier how much time and what resources they expect, and recommend, that you commit in order to get the most out of the process.

Their response will help you understand the impact of the POC on your team’s time and schedule. If the “down payment” (the effort you are asked to put into the POC) is too high, you might want to reconsider. Also, before you commit to the time investment, make sure you have confidence in the supplier.

A supplier’s response can also reveal whether they run POCs effectively. You can line up multiple POCs, so compare the responses between vendors.

Other questions to ask include:

  • How long does it take to integrate with the POC?
  • When can we see significant results?
  • What resources should I allocate and for how long?
  • How many people on my end will be able to try the POC system?
  • What types of roles do I need to align to participate in the POC?

2. How do you access my cloud-based data?

Supply chain attacks are a growing risk. Just because your vendor is in the cybersecurity industry doesn’t make you any less vulnerable. When switching to a new solution, you should ensure that: (a) your vendor takes the appropriate steps to secure your data and systems; (b) switching to the vendor’s solution will not “break” your existing security stack, putting you at risk.

To ensure that no critical security checks are disabled during the POC, ask:

  • How does the POC connect to my current cloud environment? Should we install an agent?
  • What kind of data will you collect?
  • Do I have to give you access to any of my solutions from other vendors to get valid results?
  • How can I be sure that this process will not change anything in my environment?
  • Who on your side will have access to my data during the POC?
  • What happens at the end of the POC if the systems go offline?

3. How do you help me measure the success of the POC?

We dare say that this is the most important question in the POC. It deals with monitoring your POC metrics and goal tracking so you can make sure the solution matches your cloud security strategy and your ROI reporting goals – the concept of ROI is the same as for any project.
But not only that. The answer tells you what data you will have to make your decision and gives you the power, should you decide to go ahead with the full implementation of the solution, to gain support for your decision throughout the business. It also helps you compare ROI results from different security vendors’ POCs.

Questions to measure success include:

  • What metrics can we see, where and how often are they updated?
  • How do we receive risk alerts and automatic corrections?
  • What use cases will you allow me to try? What use cases do you recommend?
  • Where can I define and monitor the use cases?
  • What are the SLAs?

During your cloud security POC

4. Who can I contact for advice and questions during the POC?

As wise as you are, take advantage of the vendor’s advice, especially early on. This is important to help you understand the inner workings of the solution, but also allows you to assess what day-to-day work with the vendor will look like. You’ll see how responsive and knowledgeable they are – and what it would be like to deploy the system to the less experienced or less knowledgeable people in your team or organization. Regardless of what the vendor suggests, we recommend that any stakeholders you deem relevant (security, DevOps, IAM, other engineering teams and even management and contractors) participate in the POC.

Suggested questions to assess the communication aspect of the POC:

  • Please describe the assistance that is offered to me during the process. What is the pace of the meetings? Who do we contact? What are the SLAs?
  • Who do you recommend to participate in the POC alongside me? What types of roles?
  • Can people (subcontractors, etc.) from outside my organization participate in the POC?
  • Can anyone in my organization access the POC, including ad hoc?

5. What if I need customization in the solution?

The purpose of the POC is to assess the gap between the many sales calls and product presentations you’ve been through and what the solution actually does. If the gap is small or nonexistent, the solution can be successfully implemented in your architecture.

But what if you suddenly realize that you need to customize a new feature?

Agile, cloud-native businesses have made it increasingly acceptable (and technologically possible) for customers to request features and have them delivered in a short period of time. This is even more true for startups, which are trying to break into the market and need customer testimonials (which one day you could help provide).

By determining the process by which you can request and receive a new feature, you will get an idea of how flexible and responsive your vendor and its product roadmap are to your needs. A flexible roadmap can mean a very high ROI for you down the road.

Questions to evaluate the customization options:

  • What is your process for reviewing a customer request, and how often do you ship a major product release?
  • Can you develop and customize new features in the system?
  • What’s the latest feature you added to your solution? Why? (Find out if this was a customer request; in fact, phrase it that way.) What is the last customer-requested feature that you added to your solution, and why was it requested? Can you give me a demonstration?

After your cloud security POC

6. Did we meet our goals?

One of the most important questions you asked the vendor before the POC was how to measure the success of the POC. Now is the time to review the resulting metrics and identify if your goals were met and if the solution is worth implementing to meet your needs.

Questions to ask include:

  • Why did the POC exceed / fall short of our targets? What should we understand? Is there something we should have done differently?
  • How can we share our metrics with others? (e.g. can we download PDF reports? is there a Slack integration?)
  • How can I optimize alerts and results to meet my needs and reduce false positives? What other optimizations can I do?
  • What steps do you recommend for higher ROI with your solution?

7. What does implementing the solution involve?

The POC is a useful step towards understanding the value of the solution. You are now ready to decide if you want the platform to be part of your daily workflow. If so, now is the time to explore the operational aspects of integration and use.

Questions to ask regarding the implementation of the solution:

  • What are the next steps, such as onboarding and other Day 2 type actions, in case we choose your solution?
  • What do you propose as an implementation schedule?
  • What kind of legal or financial paperwork do I need to do?
  • How do we integrate all our information and users into the solution?
  • What additional features will we have access to and how can we use them?
  • Who do we contact for help in the first few months?
  • What are the recommended best practices for our first year of using the platform?


Cloud threats and attack vectors are on the rise, vendor offerings are constantly evolving, and the need for effective cloud security solutions is acute. Careful consideration before investing in a solution is warranted and can make a huge difference to your organization’s cloud protection. In this type of market, POCs make a lot of sense – and are a great way to tackle the ever-relevant “caveat emptor”. Whatever you do, keep researching, asking probing questions, and gaining a detailed understanding of the vendor’s cloud security capabilities – including those you might not have thought of looking for – and differentiation. This is the best way to find the providers who will get you there and keep you ahead of the next threats.

We hope you have found this series of blog posts on Choosing and Evaluating a Cloud Security Provider helpful, and wish you every success in your quest and decision.

The post Top 7 questions to ask when doing a POC with a cloud security provider appeared first on Ermetic.

*** This is a syndicated blog from the Ermetic Security Bloggers Network, written by Ermetic Team. Read the original post at:
