- November 15, 2022: Added “Cloud Service Provider” to glossary; Enhanced Rating now available.
- March 13, 2020: Published.
- Cloud Service Provider (CSP)
- A provider of Cloud services.
- External Service Provider
- Cloud providers and other companies that own an IP-space where an organization’s assets are hosted.
Examples: Infrastructure-as-a-Service (IaaS) providers, internet service providers (ISP), and data centers.
- Fourth Party
- A service provider that third parties depend on.
- Internet Service Provider (ISP)
- An organization that provides services for accessing, using, or participating in the Internet.
- Service Provider
- A company that handles or delivers services for other companies, such as web hosting, certificate signing, cloud infrastructure services, or email hosting. Nearly all organizations depend on these various types of service providers to successfully run their businesses.
- Service Provider Product
- Service offerings, such as web hosting, certificate signing, cloud infrastructure services, email hosting, etc.
To provide a better representation of certain Cloud Service Provider’s security posture, select providers have an Enhanced Rating.
Service Provider Label
Though a service provider is a company that provides any type of service (including on-premise solutions), a service provider that owns and operates an infrastructure that’s controlled or are used by its customers is designated and labeled as a “Service Provider” in the Bitsight platform.
This distinction is provided since some findings on their networks may be due to customer activity. The security rating of such companies are usually very low. In actuality, the security posture of the service provider’s own internal operations and the services they offer is generally better than the aggregated security posture of the individuals or companies that are renting the infrastructure.
Learn more about Shared Responsibility with Cloud Service Providers.
- Fourth party breaches and downtime may lead to direct revenue loss, including loss of customer confidence.
- Disruption of certain services may enable attackers to use company assets to deliver malware to employees and customers, or download company intellectual property, or compromise customer data.