Ten Critical Questions to Ask Your Cloud Provider - Slide 2

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Ten Critical Questions to Ask Your Cloud Provider-2 Next

The overall approach is crucial. If the vendor is of the opinion that password protection for a file or laptop is sufficient to prevent unauthorized access to content, or that data encryption is needed only for data that is in transit and not at rest, you may want to consider other cloud providers. Encryption of all data, in transit, at rest, and in mobile devices, should be the basis of any holistic security solution.

Failure to encrypt all content can have serious consequences, most notably in the area of regulatory compliance. The data-breach laws mentioned previously are only the tip of the iceberg. In the U.S. alone, legislation such as the Gramm-Leach Bliley Act (GLBA), the Payment Card Industry Data Security Standard (PCI DSS), the Financial Industry Regulatory Authority (FINRA), the Health Insurance Portability and Accountability Act (HIPAA), and the Personal Information Protection and Electronic Documents Act (PIPEDA) could all be violated by a loss of unencrypted data. On the other hand, proper encryption not only defends against such violations but also creates new business opportunities and competitive advantages, such as the ability to transact securely any time, from anywhere, and the ability to serve new customer segments or geographies.

Regarding the actual encryption of the data, make sure all data is transferred and stored using the highest levels of encryption: 256-bit Advanced Encryption Standard (AES) SSL for transit, and 256-bit AES for data at rest (introduced by the National Institute of Standards and Technology or NIST). AES is the only publicly accessible and open encryption technology approved by the National Security Agency (NSA) for Top Secret information. There is simply no excuse for using any lower-grade encryption technology.

There is no question that businesses can benefit from moving data to the cloud. The cloud is elastic and efficient. It can improve user productivity and unburden IT staff, saving time and money. It can accommodate anything from simple file sharing to mission-critical data backup. The question is, just how secure is your cloud? And how do you know?

There are major differences among cloud providers in their approach to security and their use of security technologies, processes, and personnel. These differences can have a major impact on the availability, integrity, accessibility, privacy, and compliance of your data — and can directly impact your business.

This slideshow provides a list of questions, developed by Syncplicity, that you should ask any prospective cloud provider, whether that is your internal IT department or a third-party cloud service provider.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.