10 Security Questions to Ask your Cloud Provider

Businesses that are thinking about moving critical applications and sensitive data to a public or shared cloud must address cloud security. Cloud security and controls should provide the same or a greater level of security than the business would have in-house. Before deciding on a cloud hosting provider, consider these 10 points:

1. Where is the data being hosted? Even if your data is being hosted in the cloud, it is still in a physical location. Know where those data centers are located and consider geographically diverse locations.

2. Who has access? Access control is a key concern, because insider attacks are a huge risk. Those with access to your data could be potential hackers. Have your IT firm do due diligence on who exactly is managing and accessing your data and know what types of controls are applied to each of these individuals.

3. What are your regulatory requirements? Ensure that your cloud provider is able to meet regulatory and compliance requirements for your industry and has gone through the certification process, and review its accreditations.

4. Do you have the right to audit? This particular item is no small matter; the cloud provider should agree in writing to the terms of audit.

5. What type of training does the provider offer their employees? A cloud provider’s security is only as good as its weakest link, which is often humans. Ask how your provider trains their staff on security policy.

6. What type of data classification system does the provider use? Questions you should be concerned with include: Is the data classified? How is data separated from other users? How is encryption applied — at rest or in transit? What type of encryption is used?

7. What are the service level agreement (SLA) terms? The SLA serves as a contracted level of guaranteed service between the cloud provider and the customer and specifies what level of services will be provided.

8. What is the long-term viability of the provider? How long has the cloud provider been in business and what is their track record? What happens to your data if the cloud provider goes out of business? Will the data be returned and in what format?

9. What happens if there is a security breach? If a security incident occurs, what support will you receive?

10. What is the disaster recovery/business continuity plan (DR/BCP)? All physical locations face threats such as fire, storms, floods, natural disasters, loss of power, etc. In case of these events, how will the cloud provider respond and what guarantee of continued services are they providing?

