Ten Critical Questions to Ask Your Cloud Provider - Slide 4

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
Next Ten Critical Questions to Ask Your Cloud Provider-4 Next

Certifications are issued today for virtually every aspect of information handling — from the data center itself to information protection practices.

Ideally, the vendor’s data centers will have successfully completed a SOC 1 audit under SSAE-16 guidelines (formerly SAS70 Type II), as well as testing from independent auditors. An SSAE-16 audit verifies that the cloud provider’s data centers have met rigorous requirements around physical security, physical access, and internal controls. It also allows cloud providers to disclose their control activities and processes to their customers and their customers’ auditors in a uniform reporting format.

In addition, ask prospective cloud providers whether they are FISMA-certified (indicating a high level of commitment to data security), and whether they are certified for compliance with PCI DSS, ISO 27001, HIPAA, and FIPS 140-2.

Finally, while you may want your provider to ensure they can reliably store your data forever, you will also want to ensure that they properly handle the cases where data must be reliably destroyed. Compliance with Department of Defense 5220.22-M or NIST 800-88 ensures your provider properly handles media sanitation, such as in cases where a server holding customer information is retired with the information on it permanently and irrecoverably destroyed to prevent third parties from accessing the information.

There is no question that businesses can benefit from moving data to the cloud. The cloud is elastic and efficient. It can improve user productivity and unburden IT staff, saving time and money. It can accommodate anything from simple file sharing to mission-critical data backup. The question is, just how secure is your cloud? And how do you know?

There are major differences among cloud providers in their approach to security and their use of security technologies, processes, and personnel. These differences can have a major impact on the availability, integrity, accessibility, privacy, and compliance of your data — and can directly impact your business.

This slideshow provides a list of questions, developed by Syncplicity, that you should ask any prospective cloud provider, whether that is your internal IT department or a third-party cloud service provider.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Compliance4-190x128 GRC Programs: Building the Business Case for Value

Experience shows that organizations that manage GRC as an integrated program — involving people, processes and technologies — are more successful in delivering value to their organizations ...  More >>

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.