What Should You Look For In A Cloud Security Vendor?

What Should You Look For In A Cloud Security Vendor?

What Should You Look For In A Cloud Security Vendor?

Protecting the security of your cloud data during its transmission, storage, and access is an ongoing, fundamental concern as technology continues to evolve, intrusion possibilities increase, and BYOD becomes more common. Here are the five areas to consider when evaluating how the security of your cloud vendor stacks up.

How is My Data Physically Protected?

Any potential problem or threat to the physical data center should be covered from every angle, with continual and back up protection plans in place. Environmental controls should be systematic through proactive care and maintenance of the data center, including fire detection and suppression systems, climate and temperature controls, and 24/7 electrical power with redundancy and generator backup. It also means consistent identification and problem resolution for electrical, mechanical, and other systems for ongoing equipment operability.

How do I know Transmission Over the Network is Secure?

Encryption for data in transit over the network should be at the most advanced level—such as 256-bit SSL—and include enterprise-grade security measures over networks without WAN or VPN controls (like many companies these days). Additionally, advanced network security protection such as unique key management functionality is recommended.

How is My Data Protected in the Cloud?

Data stored in the cloud should be protected with the strictest authentication and access controls. Stored data should be encrypted, such as with 256-bit AES.

When it comes to file retention and version control, the customers should be able to enforce their own retention policies. They should also be able to remove access for single accounts if desired. This means that if a hacker gains access to the data of one company, they do not gain access to any other companies’ data. Customer access to data should be controlled by 2-factor encryption. Data compartmentalization schemes ideally utilize a multi-pronged segregation approach, with the following types of measures in place: access credentials, customer meta data with the use of S3 buckets and unique 256 AET encryption keys.

How is Data Access Managed?

The need of users to retrieve data must be weighed against the security of data access itself. Access to data should require single sign-on with SAML 2.0, as well as multi-step authentication, such as two-factor encryption-based credentials and use of a different PIN entry each time.

Access controls by the customer should also be available by different and separate admin roles, such as a server or profile administrator, based on their responsibility for data access. The cloud vendor should not have any access to the company’s data unless expressly permitted by the customer.

The customer should be able to set access controls for different roles, such as server or profile administrator, based on their responsibility for data access.

In order to provide transparency and accountability, there should be a complete audit trail of all data access activity available.

What Happens to Data if a Disaster or Failure Occurs?

In case of disaster such as power or other data center failure, service levels and data access should still be maintained. This can be achieved with data redundancy controls, such as having separate data centers clustered in key global regions and multi-zone redundancy in case failure occurs in any one zone.

No matter how cloud technology changes, end-to-end data protection is a must. Find out how your cloud vendor secures its data from all points.

By Srivatsan Srinivasan

Senior Product Marketing Manager at Druva.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Connecting With Customers In The Cloud

Connecting With Customers In The Cloud

Customers in the Cloud Global enterprises in every industry are increasingly turning to cloud-based innovators like Salesforce, ServiceNow, WorkDay and Aria, to handle critical systems like billing, IT services, HCM and CRM. One need look no further than Salesforce’s and Amazon’s most recent earnings report, to see this indeed is not a passing fad, but…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…

Digital Twin And The End Of The Dreaded Product Recall

Digital Twin And The End Of The Dreaded Product Recall

The Digital Twin  How smart factories and connected assets in the emerging Industrial IoT era along with the automation of machine learning and advancement of artificial intelligence can dramatically change the manufacturing process and put an end to the dreaded product recalls in the future. In recent news, Samsung Electronics Co. has initiated a global…

How The CFAA Ruling Affects Individuals And Password-Sharing

How The CFAA Ruling Affects Individuals And Password-Sharing

Individuals and Password-Sharing With the 1980s came the explosion of computing. In 1980, the Commodore ushered in the advent of home computing. Time magazine declared 1982 was “The Year of the Computer.” By 1983, there were an estimated 10 million personal computers in the United States alone. As soon as computers became popular, the federal government…

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Technology Influencer in Chief: 5 Steps to Success for Today’s CMOs

Success for Today’s CMOs Being a CMO is an exhilarating experience – it’s a lot like running a triathlon and then following it with a base jump. Not only do you play an active role in building a company and brand, but the decisions you make have direct impact on the company’s business outcomes for…

Achieving Network Security In The IoT

Achieving Network Security In The IoT

Security In The IoT The network security market is experiencing a pressing and transformative change, especially around access control and orchestration. Although it has been mature for decades, the network security market had to transform rapidly with the advent of the BYOD trend and emergence of the cloud, which swept enterprises a few years ago.…

Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

3 Keys To Keeping Your Online Data Accessible

3 Keys To Keeping Your Online Data Accessible

Online Data Data storage is often a real headache for businesses. Additionally, the shift to the cloud in response to storage challenges has caused security teams to struggle to reorient, leaving 49 percent of organizations doubting their experts’ ability to adapt. Even so, decision makers should not put off moving from old legacy systems to…

Beacons Flopped, But They’re About to Flourish in the Future

Beacons Flopped, But They’re About to Flourish in the Future

Cloud Beacons Flying High When Apple debuted cloud beacons in 2013, analysts predicted 250 million devices capable of serving as iBeacons would be found in the wild within weeks. A few months later, estimates put the figure at just 64,000, with 15 percent confined to Apple stores. Beacons didn’t proliferate as expected, but a few…