Impact on vendor trust and certification verification
This case highlights the vulnerabilities that organizations face when counting on third-party certifications. The fraudulent certification raises serious concerns for CIOs and IT leaders who depend upon certified data centers to make sure fault tolerance and security for critical data.
“With this episode, organizations can have to go deeper to confirm the reported credentials, including certifications, of a brand new vendor on the block. A cursory check and balance on the name of the certifying authority will help to know the likely authenticity of the certification claim,” said Abhishek Gupta, CIO at leading Indian satellite broadcaster DishTV.
CIOs often depend on multiple sources when evaluating recent data center partners. Client references, physical site visits, and informal validation through the CIO community are a part of the method.
“Even today, IT leaders try to guage the actual performance of a brand new prospect before onboarding as an information center partner,” Gupta added. “While certifications are essential for evaluating the extent of fault tolerance, additional measures, equivalent to verifying the certifying authority’s legitimacy, are more likely to gain more importance.”
“Tier certifications for data centers have long been used as a benchmark for reliability and resiliency,” said Saurabh Gugnani, director and head of cyber defense, IAM, and application security at Dutch skilled services firm TMF Group. “Nevertheless, if an authorized datacenter fails to fulfill the promised levels of service or experiences a serious outage, it could affect the credibility of those certifications.”
The certification authenticity forms a smaller a part of overall final decision-making, said Gupta. In accordance with him, this episode shouldn’t change the evaluation methodology.
