Security Questions To Ask Your Cloud Service Provider

Security Questions To Ask Your Cloud Service Provider



Moving software, websites, hardware needs and important services to the cloud is not without its risks. While cloud service subscribers can save a lot of IT budget funds in areas like software licensing, hardware costs, power charges and staff salaries, close attention must be paid to risk management. From general risks like not knowing who you’re really dealing with to very specific dangers like security and encryption, cloud customers must comprehend exactly what they’re dealing with and how to ask the right questions. This will allow them to choose the cloud service provider that will limit their risk and present the best possible service.

Transparency

This isn’t exactly a risk. It’s more of a rule of thumb right out of the gate. A cloud service provider must offer complete transparency, honestly answering all questions and supplying all information the client requests. So much of the risk management tips to follow flows from this need for transparency. There are questions to ask and if the cloud provider refuses to answer or is vague, it’s best to move on.

Who is Managing My Data?

From the engineers who manage network performance to the policy makers who direct IT departments, companies have the ability to scrutinize their prospective workers before hire. Background checks, calls to referrals and employment history verification can all be conducted by the employer beforehand. That ability is somewhat surrendered by moving to the cloud, but cloud customers are well within their rights to inquire about the qualifications and backgrounds of the cloud company’s staff, including qualifications and backgrounds. These administrators have privileged access to your data and you should know who they are.

What Access Controls are in Place?

Flowing from the need to know who manages your data is the need to know how and why. By moving to the cloud, companies give up their ability to limit physical access. Just because physical control is being transferred doesn’t mean companies give up their right to know what controls are in place to limit risk, though. Cloud companies need to disclose the exact data access control processes that dictate their administrators’ actions. Cloud subscribers should have a full understanding of who can access what data and under what conditions.

Is the Data Secured?

Security concerns don’t just come from people. Cloud providers can offer cost savings in part because, by nature, cloud storage environments are shared. Your company’s data, hosted web site, applications and more will usually live on the same server and storage area as many other companies’ information. A good cloud service provider needs to clearly explain how vital business data is segregated and secured. Encryption is a good start, but the provider must provide evidence that their encryption and other security methods have been tested, fine-tuned and proven effective.

Can they Pass Muster with Auditors?

Every business has certain conditions they must meet for regulatory compliance. This is especially true for law offices, accounting firms and companies who do a fair amount of business with local and federal governments. Regulations need to be met and annual IT audits must be performed to satisfy security concerns and ensure compliance with regulations. Customers need to find out whether the cloud provider conducts regular security audits and what their processes are for accommodating the needs of the customer’s auditors as well.

Where is the Data Actually Located?

The Internet has made the world smaller and has broken down barriers to entry in many fields. Cloud computing is one such industry. Anyone can buy shared hosting, put in some administrative time and offer server space and cloud services. Do you know what country your data actually lives in? You should, especially when it comes to local privacy laws and regulations. It’s important to find a cloud provider that will commit in writing to the specific storage location you need in order to ensure the data privacy requirements of your given jurisdiction.

Are they Here to Stay?

What happens to your data if your cloud service provider goes out of business or is bought out by another company? This is a crucial consideration, especially in a volatile economy full of shut downs, mergers and acquisitions. What guarantees can your cloud provider give regarding its long-term viability? What mechanisms are in place to guarantee the return of your data in the event of a bankruptcy or other business shutdown or turnover? Just like all the other risks outlined here, lifetime data assurance must be explained and put in writing to mitigate risks before any service agreement can be made with a cloud computing provider.

By Arthur Clyne

Arthur is a Montreal-based web and technology consultant for several local area businesses who occasionally handles freelance writing for local tech and telecom companies.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence Supports Better Business Performance

Cloud-based GRC Intelligence All businesses need a strategy and processes for governance, risk and compliance (GRC). Many still view GRC activity as a burdensome ‘must-do,’ approaching it reactively and managing it with non-specialized tools. GRC is a necessary business endeavor but it can be elevated from a cost drain to a value-add activity. By integrating…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

LAVABIT, EDWARD SNOWDEN, AND THE LEGAL BATTLE FOR PRIVACY

LAVABIT, EDWARD SNOWDEN, AND THE LEGAL BATTLE FOR PRIVACY

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…

Get Ready For Virtual Reality and the Cloud

Get Ready For Virtual Reality and the Cloud

Virtual Reality Cloud We’re lucky to live in an era where virtual reality is no longer relegated to the confines of a sci-fi movie universe. Thanks to technology introduced by products like Oculus Rift, consumers now have access to virtual environments with fully immersive graphic capabilities. As a result, companies have only just begun to…

The Internet of Things – Redefining The Digital World As We Know It

The Internet of Things – Redefining The Digital World As We Know It

Redefining The Digital World According to Internet World Stats (June 30th, 2015), no fewer than 3.2 billion people across the world now use the internet in one way or another. This means an incredible amount of data sharing through the utilization of API’s, Cloud platforms and inevitably the world of connected Things. The Internet of Things is a…

Low Cost Cloud Computing Gives Rise To Startups

Low Cost Cloud Computing Gives Rise To Startups

Balancing The Playing Field For Startups According to a Goldman Sachs report, cloud infrastructure and platform spending could reach $43 billion by 2018, which is up $16 billion from last year, representing a growth of around 30% from 2013 said the analyst. This phenomenal growth is laying the foundation for a new breed of startup…

Cloud Infographic: The Future of File Storage

Cloud Infographic: The Future of File Storage

 The Future of File Storage A multi-billion dollar market Data storage has been readily increasing for decades. In 1989, an 8MB Macintosh Portable was top of the range; in 2006, the Dell Inspiron 6400 became available, boasting 160GB; and now, we have the ‘Next Generation’ MacBook Pro with 256GB of storage built in. But, of course,…

Infographic: IoT Programming Essential Job Skills

Infographic: IoT Programming Essential Job Skills

Learning To Code As many readers may or may not know we cover a fair number of topics surrounding new technologies such as Big data, Cloud computing , IoT and one of the most critical areas at the moment – Information Security. The trends continue to dictate that there is a huge shortage of unfilled…

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud

Disaster Recovery And The Cloud One of the least considered benefits of cloud computing in the average small or mid-sized business manager’s mind is the aspect of disaster recovery. Part of the reason for this is that so few small and mid-size businesses have ever contemplated the impact of a major disaster on their IT…

6 Tech Predictions To Have A Major Impact In 2016

6 Tech Predictions To Have A Major Impact In 2016

6 Tech Predictions To Have A Major Impact The technology industry moves at a relentless pace, making it both exhilarating and unforgiving. For those at the forefront of innovation it is an incredibly exciting place to be, but what trends are we likely to see coming to the fore in 2016? Below are six predictions…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

Big Data’s Significant Role In Fintech

Big Data’s Significant Role In Fintech

Data Banking Fintech covers a range of financial fields such as retail banking, investments, and lending and thanks to the mobile and internet innovations of late is a thriving sector. Offering improvements which drive customer satisfaction and education in an area previously inscrutable and dictated by gigantic inflexible corporations, fintech is helping put the power…

Battle of the Clouds: Multi-Instance vs. Multi-Tenant

Battle of the Clouds: Multi-Instance vs. Multi-Tenant

Multi-Instance vs. Multi-Tenant The cloud is part of everything we do. It’s always there backing up our data, pictures, and videos. To many, the cloud is considered to be a newer technology. However, cloud services actually got their start in the late 90s when large companies used it as a way to centralize computing, storage,…

Infographic: 9 Things To Know About Business Intelligence (BI) Software

Infographic: 9 Things To Know About Business Intelligence (BI) Software

Business Intelligence (BI) Software  How does your company track its data? It’s a valuable resource—so much so that it’s known as Business Intelligence, or BI. But using it, integrating it into your daily processes, that can be significantly difficult. That’s why there’s software to help. But when it comes to software, there are lots of…

Cukes and the Cloud

Cukes and the Cloud

The Cloud, through bringing vast processing power to bear inexpensively, is enabling artificial intelligence. But, don’t think Skynet and the Terminator. Think cucumbers! Artificial Intelligence (A.I.) conjures up the images of vast cool intellects bent on our destruction or at best ignoring us the way we ignore ants. Reality is a lot different and much…