Strategic CIO // IT Strategy
Commentary
6/9/2014
09:01 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Provider Accreditations: Do They Matter?

Although accreditations get a bad rap and are no guarantee of service quality, they can offer insight into what a provider deems important.

If you spend any time shopping for enterprise-class ISPs, co-location companies, cloud hosting vendors, and other service providers, you know that most of them are quick to rattle off their various accreditations.

Although accreditations get a bad rap and are no guarantee of service quality, they can offer insight into what a provider deems important and the types of customers it's targeting, helping customers gauge whether the provider is a good fit.

Accreditations let potential customers quickly differentiate the focus and ambitions of the service provider. For example, those that hold and proudly promote a Tier-level certification from The Uptime Institute are appealing to customers that seek highly available services. Providers that show off their CSA STAR (Security Trust and Assurance Registry) accreditation are focused on protecting customer data from security breaches. Other accreditations, such as those from the Open Compute Project, focus on systems interoperability.

But I must reemphasize: Simply having an accreditation is in no way a guarantee that the service provider will actually be able to follow through with what the accreditation stands for. Architecture discrepancies, misconfigurations, and other variables can throw off actual results.

Many a provider complicates matters by touting a wide range of accreditations. So how do you know where its true focus lies? Keep your needs close to the vest, while letting the service provider's sales team pitch their services to you. Which accreditations do the sales reps bring up early and often without any guidance from you? Usually, these are the accreditations the provider is focused on.

If you think industry accreditations and certifications are useless, think again. While I agree that an accreditation offers zero assurance that the provider is any better than another without this seal of approval, it can give an indication of whether the provider is a good fit for your needs.

Find out how a government program is putting cloud computing on the fast track to better security. Also in the Cloud Security issue of InformationWeek Government: Defense CIO Teri Takai on why FedRAMP helps everyone.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
David Wagner
50%
50%
David Wagner,
User Rank: Strategist
6/9/2014 | 4:18:03 PM
Mismatches?

@Andrew- I think you've got a good way of pushing through the sales fluff. But here's a question-- what do you do with a company that seems to fit your needs but they don't emphasize the types of credentials you are looking for? Do you think if you ask at that point it is too late to get an honest answer? So say security is your biggest need and the sales pitch emphasizies interoperability. Do you chalk that up as not a fit or just a sign that the sales team doesn't get security is your biggest need?
Curt Franklin
50%
50%
Curt Franklin,
User Rank: Strategist
6/9/2014 | 4:47:56 PM
A question of trust...
Andrew, this is a really thought-provoking post, but it leads to a question: If you can't trust the certificate to indicate that a service provider will deliver on their promise, how can you trust the certificate to be a reliable indicator of intent? What's the proper level of trust for such things?

I know that there are many degrees of trust -- I'm just very interested in what degree we might assume, and whether there are any general indicators for when that trust degree should rise or fall.
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
6/10/2014 | 7:18:32 AM
Re: Mismatches?
I don't think you assume that anything they don't mention is lacking.  Since each service is going to focus on why they went into business you're going to see some services downplayed.  The co-location site that I'm in was very low key about everything, it is small, they don't advertise, accounts are limited to customers of a specific ISP, but when I started asking questions I was amazed at what I was getting.  The site existed because a very large customer wanted an incredibly secure site for very sensitive information, since they had the space they decided to let some other customers rent racks.  They didn't really sell the site because it is not their primary offering.  Before I moved into this site I was with one that sold themselves on their connectivity.  They sat in a great spot that every telco in the area had access to but aside from their connectivity they had great physical security, incredible network guys and I never had a single problem with them.  I only moved because I could get my site space for free.
David Wagner
50%
50%
David Wagner,
User Rank: Strategist
6/10/2014 | 10:27:29 AM
Re: A question of trust...
@Curt- I think what Andrew is getting at is that it is like a dating profile. If you're really into roller derby and knitting, you don't start your dating profile by saying how much your into pina coladas and walks in the rain.

Presumably, if left to their own devices, providers will lead with their strengths or at least what they think are the most important things to you. Either way, it provides some sense of their mindset.
David Wagner
50%
50%
David Wagner,
User Rank: Strategist
6/10/2014 | 10:29:24 AM
Re: Mismatches?
@SaneIT- Sounds liek a slightly special deal, but one I'd love to find more often in my shopping life. when you get harder sells from people trying to get you to switch, do you assume their sales pitch plays to their strengths or is just lip service?
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
6/11/2014 | 7:16:55 AM
Re: Mismatches?
I assume that the sales pitches are tailored to their strengths and their values.  I find that by talking to people a little deeper than a sales pitch you can find out what is driving their company.  The site that I left was started by two guys who were frustrated at the cost of big pipes from major carriers and getting those pipes delivered.  So they setup in a building that the SONET of 4 major carriers ran past by a matter of feet.  This meant no cutting of roadways, no directional boring, no crazy expenses, they could just trench for a short distance and bring the lines in.  This let them get high availability for the sites they were running and sell space to other people.  Their site popped up as a side effect of them wanting something for themselves so that's how they sold it.  Talking to them though they were very sharp guys and had one of the tightest change management processes I've ever seen.  I never had a moment of down time, they were incredible about communicating changes and would even send me notifications if they thought they saw some odd traffic coming through any of my connections. 
batye
50%
50%
batye,
User Rank: Ninja
6/13/2014 | 3:41:42 PM
Re: Mismatches?
Dave... I think it depends on few factors in play... How I see it :)...
zerox203
50%
50%
zerox203,
User Rank: Ninja
6/18/2014 | 10:38:33 AM
Re: Provider Accreditations: Do They Matter?
Thanks for this, Andrew. The maligning of Accreditationsm, Certifications, and Awards alike are an oft-mentioned topic... but at the same time, they're also typically mentioned off-hand (''they're board certified, but we all know that doesn't mean anything"), without any deeper delving into the topic.  It's much appreciated to get a chance to clear the air on the matter for a change - and the fact that we already see some dissenting opinions here in the comments is proof enough that it's a topic worth discussing.

For what it's worth, I agree with you, Andrew. The truth is, that accreditation could be provided by anyone - and if you're dealing with fast-talkers, you may not even catch the providing organizations name. It's the old issue of 'who watches the watchers?'; there's no governance in place to assure high-quality or at least uniform guidelines... and even when there is, there's nothing to enforce people following them. So, no, a security accreditation doesn't mean that somebody has good security. It doesn't even truly mean they put all that much time into making sure it looks like they have good security. It does mean that some third party, someone, somewhere walked through their building and said 'yeah, this looks okay'. So accreditations are better than nothing, if only by a little bit.
kstaron
50%
50%
kstaron,
User Rank: Apprentice
6/19/2014 | 1:04:20 PM
A New Take
That's a new take on how to view accreditations. Which means now you have to go research who's giving them and what they focus on. Are there any accreditations that are breaking from the pack and meaning more than the others?
StaceyE
50%
50%
StaceyE,
User Rank: Apprentice
6/30/2014 | 7:23:17 PM
Re: Mismatches?
@ David

I think it's a little bit of both.
Page 1 / 2   >   >>
Transformative CIOs Organize for Success
Transformative CIOs Organize for Success
Trying to meet today’s business technology needs with yesterday’s IT organizational structure is like driving a Model T at the Indy 500. Time for a reset.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.