Security Questions To Ask Your Cloud Service Provider

Security Questions To Ask Your Cloud Service Provider

Moving software, websites, hardware needs and important services to the cloud is not without its risks. While cloud service subscribers can save a lot of IT budget funds in areas like software licensing, hardware costs, power charges and staff salaries, close attention must be paid to risk management. From general risks like not knowing who you’re really dealing with to very specific dangers like security and encryption, cloud customers must comprehend exactly what they’re dealing with and how to ask the right questions. This will allow them to choose the cloud service provider that will limit their risk and present the best possible service.

Transparency

This isn’t exactly a risk. It’s more of a rule of thumb right out of the gate. A cloud service provider must offer complete transparency, honestly answering all questions and supplying all information the client requests. So much of the risk management tips to follow flows from this need for transparency. There are questions to ask and if the cloud provider refuses to answer or is vague, it’s best to move on.

Who is Managing My Data?

From the engineers who manage network performance to the policy makers who direct IT departments, companies have the ability to scrutinize their prospective workers before hire. Background checks, calls to referrals and employment history verification can all be conducted by the employer beforehand. That ability is somewhat surrendered by moving to the cloud, but cloud customers are well within their rights to inquire about the qualifications and backgrounds of the cloud company’s staff, including qualifications and backgrounds. These administrators have privileged access to your data and you should know who they are.

What Access Controls are in Place?

Flowing from the need to know who manages your data is the need to know how and why. By moving to the cloud, companies give up their ability to limit physical access. Just because physical control is being transferred doesn’t mean companies give up their right to know what controls are in place to limit risk, though. Cloud companies need to disclose the exact data access control processes that dictate their administrators’ actions. Cloud subscribers should have a full understanding of who can access what data and under what conditions.

Is the Data Secured?

Security concerns don’t just come from people. Cloud providers can offer cost savings in part because, by nature, cloud storage environments are shared. Your company’s data, hosted web site, applications and more will usually live on the same server and storage area as many other companies’ information. A good cloud service provider needs to clearly explain how vital business data is segregated and secured. Encryption is a good start, but the provider must provide evidence that their encryption and other security methods have been tested, fine-tuned and proven effective.

Can they Pass Muster with Auditors?

Every business has certain conditions they must meet for regulatory compliance. This is especially true for law offices, accounting firms and companies who do a fair amount of business with local and federal governments. Regulations need to be met and annual IT audits must be performed to satisfy security concerns and ensure compliance with regulations. Customers need to find out whether the cloud provider conducts regular security audits and what their processes are for accommodating the needs of the customer’s auditors as well.

Where is the Data Actually Located?

The Internet has made the world smaller and has broken down barriers to entry in many fields. Cloud computing is one such industry. Anyone can buy shared hosting, put in some administrative time and offer server space and cloud services. Do you know what country your data actually lives in? You should, especially when it comes to local privacy laws and regulations. It’s important to find a cloud provider that will commit in writing to the specific storage location you need in order to ensure the data privacy requirements of your given jurisdiction.

Are they Here to Stay?

What happens to your data if your cloud service provider goes out of business or is bought out by another company? This is a crucial consideration, especially in a volatile economy full of shut downs, mergers and acquisitions. What guarantees can your cloud provider give regarding its long-term viability? What mechanisms are in place to guarantee the return of your data in the event of a bankruptcy or other business shutdown or turnover? Just like all the other risks outlined here, lifetime data assurance must be explained and put in writing to mitigate risks before any service agreement can be made with a cloud computing provider.

Contribution By Arthur Clyne

Arthur is a Montreal-based web and technology consultant for several local area businesses who occasionally handles freelance writing for local tech and telecom companies.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

3 Responses to Security Questions To Ask Your Cloud Service Provider

  1. [...] Security is also stricter in cloud computing. Data is share within a server therefore the provider must ensure that each account is secured, that only authorized users in one account can access it. Loss of data is also avoided because the supplier must ensure that every hardware or software resources are high end because there are a lot of clients relying on the service. Backup is also sophisticated in cloud computing. A business owner need not worry about backup responsibilities because the supplier has taken steps to put up a great system for backup. Disk failure or server crash won’t create much problem because the supplier can easily restore the latest backup. [...]

Join Our Newsletter

Receive updates each week on news, tips, events, comics and much more...

Can I Contribute To CloudTweaks?

Yes, much of our focus in 2015 will be on working with other influencers in a collaborative manner. If you're a technology influencer looking to collaborate long term with CloudTweaks – a globally recognized leader in cloud computing information – drop us an email with “tech influencer” in the subject line.

Please review the guidelines before applying.

Contributors

Cloud Infographic – Wearable Tech And Preventative Healthcare

Cloud Infographic – Wearable Tech And Preventative Healthcare

Wearable Tech And Preventative Healthcare There are so many exciting new opportunities available to utilize wearable technology in the future.  Areas such as nanotechnology disease monitoring, crowdfunding to wearable accessories are some excellent examples of the potential. Estimates vary, but appear to suggest that the market will produce between $14-50 Billion over the next few years. Included below

Ten Tips For Successful Business Intelligence Implementation

Ten Tips For Successful Business Intelligence Implementation

Ten Tips for Successful Business Intelligence Implementation The cost of Business Intelligence (BI) software goes far beyond the purchase price. Time spent researching, implementing, and maintaining your BI investment can snowball quickly and mistakes are often expensive. Your time is valuable – save it by learning from other businesses’ experiences. We’ve compiled the top ten

Knots And Cloud Service Providers

Knots And Cloud Service Providers

How Do These Two Compare? In Boy Scouts, I learned how to tie knots. The quickest knot you can tie is the slipknot. It’s very effective for connecting one thing to another via the rope you have. It was used in setting up tents, mooring boats to docks temporarily and lifting your food up into

Aggregated News

Popular News Sources

Virtual reality movies are coming

Virtual reality movies are coming

In a decade or two, going to the movie theater could feel as outdated as renting a VHS tape. That’s the future virtual reality enthusiasts from Oculus VR and elsewhere are sketching out, extolling the … Read the source article at Yahoo Finance About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of

Amazon Earnings: What to Watch

Amazon Earnings: What to Watch

Amazon Earnings Amazon.com is scheduled to report third-quarter financial results after regular trading hours Thursday. Here’s what you need to know:  Read the source article at WSJ Blogs About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are

Hitachi Data Systems Launches New Public Safety and Smart City Solutions

Hitachi Data Systems Launches New Public Safety and Smart City Solutions

Smart City Solutions ORLANDO, FL–(Marketwired – Oct 23, 2014) – Hitachi Data Systems Corporation, a wholly owned subsidiary of Hitachi, Ltd. (TSE: 6501), today announced Hitachi Visualization, public safety solutions that foster safer, smarter, more efficient communities through connected intelligence. Read the source article at Yahoo Finance Add The CloudBuzz XML Feed To Receive News Updates