REQU-01

Are you offering a cloud-based product?

Explanation

This question is asking whether your company offers a product that is hosted in the cloud and accessed by customers over the internet, as opposed to software that is installed on-premises or a pure consulting/professional service. In the context of a security assessment, this question helps the assessor understand the deployment model of your offering, which significantly impacts the security considerations. Cloud-based products introduce specific security concerns such as: 1. Data storage location and sovereignty 2. Shared responsibility model between the vendor and the cloud provider 3. Multi-tenancy risks 4. Network security in cloud environments 5. Access controls and authentication mechanisms If you offer a cloud-based product, subsequent questions in the assessment will likely delve deeper into how you secure your cloud infrastructure, manage access controls, handle data in the cloud, and implement security monitoring. To best answer this question: - Be clear about your deployment model - If you have multiple offerings, specify which ones are cloud-based - If you use the term 'SaaS' (Software as a Service), 'PaaS' (Platform as a Service), or 'IaaS' (Infrastructure as a Service), these are all considered cloud-based products - If your product is installed on customer premises or if you only provide professional services without a technology product, answer 'No'

Guidance

If you are only offering a service, or are offering a product that is not cloud-based, answer "no".

Example Responses

Example Response 1

Yes Our primary offering, SecureAnalytics Platform, is a cloud-based SaaS solution hosted in AWS data centers Customers access the platform through a web browser, and all data processing and storage occurs within our cloud infrastructure We do not offer an on-premises deployment option for this product.

Example Response 2

No While we do leverage cloud technologies internally, our product DataGuard is delivered as an on-premises software solution that customers install in their own data centers or private clouds We provide installation files and documentation, but the customer is responsible for hosting and running the software within their environment.

Example Response 3

Partially Our company offers both cloud-based and on-premises solutions Our flagship product, ComplianceTracker, is available as a SaaS offering hosted in Microsoft Azure (cloud-based), but we also offer a version that can be deployed in a customer's private data center (on-premises) Since we do offer a cloud-based product option, we should answer 'Yes' to this question and can provide details about both deployment models in subsequent questions.

Context

Tab
Infrastructure
Category
Required Questions

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron