Eyefreight's major customers prompted the company to take a close look at cloud security, says Owen. The company offers a cloud-based transportation-management system, and users wanted to understand the implications and practices of a TMS that’s delivered in that manner. They also wanted to be assured that their systems were internally secure.
Eyefreight drew on the resources of the Cloud Security Alliance (CSA), which provides information about potential cloud users as well as a comprehensive self-assessment program. The latter allows a company to match its operations against 138 criteria linked to the ISO 27001 information-security standard.
The exercise required Eyefreight to formalize a number of its security processes. It created an acceptable-use policy on the use of machines, including the kinds of information that could be stored in them, and what development personnel were allowed to do with the source code. The company also examined the practices and technology of other companies on which it relied, through the CSA registry.
The bulk of the effort involved the transformation of people and processes, Owen says. “We needed to provide a secure environment for our customers, give them confidence that their data and business intelligence were secure.”
Eyefreight undertook the review with some trepidation, fearing that it would involve a certain amount of pain. But it turned out to yield “a significant benefit,” says Owen. “The company has grown in awareness. [Customers] can have a lot more confidence in our organization.”
