Ten Critical Questions to Ask Your Cloud Provider - Slide 3


In many cases, the difficulty with encryption lies not in the encryption process itself but in the management of the encryption keys. Make sure the prospective vendor provides both physical and logical separation between the encryption keys and the encrypted data. Separate data centers would be optimal, so that there can be no single point of failure or compromise. You will also want to ensure that the vendor has segmented access to their systems so that in general employees only have access to one data center or the other, further protecting access to your data. In addition, ensure that the encrypted file data and the proper file version encryption key are brought together only on an as-needed basis, and in a way that can be audited.

It is important to ensure that an encrypted file cannot be decrypted by just anyone. The absolute highest level of security is to own and manage the keys yourself to ensure actual control. However, this is generally so burdensome, particularly where users share and collaborate with one another, that there is a significant risk that users will fall back on simpler methods such as emailing files via their private email accounts, defeating the purpose of the system. A compromise is to have the vendor manage the keys on your behalf. In this case, the vendor should be able to explain how they ensure that the keys are properly managed and, optionally, provide you with the ability to control a key escrow so you can own the keys.

The gold standard is a dual-responsibility model where two authorized employees must combine their authority before access can be granted, such as in the case of a two-data-center security architecture.
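As an added illustration (not vendor or Syncplicity code), the sketch below models the controls described above: ciphertext and per-version keys live at separate sites, they are joined only when one employee from each site approves, and every attempt is written to an audit log. The site names, employee names, sample data and the hash-chained log format are assumptions made for the example.

```python
import hashlib
import json

# Constructed sample data: each employee may access exactly one site.
SITE_ACCESS = {"alice": "data-dc", "bob": "key-dc", "carol": "data-dc"}
BLOBS = {("report.docx", 2): b"<ciphertext v2>"}       # held only in data-dc
KEYS = {("report.docx", 2): bytes.fromhex("00" * 32)}  # placeholder key, key-dc only

def _digest(prev, event):
    body = json.dumps(event, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append_audit(log, event):
    """Chain each record to the previous one so later edits are detectable."""
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"event": event, "prev": prev, "hash": _digest(prev, event)})

def verify_audit(log):
    """Recompute the chain; False means a record was altered or removed."""
    prev = "0" * 64
    for rec in log:
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return False
        prev = rec["hash"]
    return True

def release(file_id, version, approvers, log):
    """Join ciphertext and its version key only with one approver per site."""
    distinct = set(approvers)
    sites = {SITE_ACCESS.get(name) for name in distinct}
    granted = (len(distinct) == 2
               and sites == {"data-dc", "key-dc"}
               and (file_id, version) in BLOBS
               and (file_id, version) in KEYS)
    # Denied attempts are logged too; they are often the interesting ones.
    append_audit(log, {"file": file_id, "version": version,
                       "approvers": sorted(approvers), "granted": granted})
    if not granted:
        raise PermissionError("dual approval from both sites required")
    return BLOBS[(file_id, version)], KEYS[(file_id, version)]
```

When evaluating a vendor, the questions map directly onto this sketch: who can appear in the access table for each site, whether a single person can ever satisfy both approvals, and who can write to or rewrite the audit log.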

There is no question that businesses can benefit from moving data to the cloud. The cloud is elastic and efficient. It can improve user productivity and unburden IT staff, saving time and money. It can accommodate anything from simple file sharing to mission-critical data backup. The question is, just how secure is your cloud? And how do you know?

There are major differences among cloud providers in their approach to security and their use of security technologies, processes, and personnel. These differences can have a major impact on the availability, integrity, accessibility, privacy, and compliance of your data — and can directly impact your business.

This slideshow provides a list of questions, developed by Syncplicity, that you should ask any prospective cloud provider, whether that is your internal IT department or a third-party cloud service provider.

