You should expect to retain end-to-end, lifecycle control over where, when and how your data flows and how it is physically stored. When data is created, there should be a customer-controlled system for capturing the content (files, documents, or messages), policies for uploading the content, and centralized control over which users and which devices can access or make changes to the content. During the midlife of the content, controls are needed to capture the edits and changes made by various authorized users. And at the end of the lifecycle, controls are needed to ensure that the content is properly archived or wiped (destroyed).
Make sure your cloud provider can easily enforce the data retention policies you set, so that shared files and folders can be automatically and permanently deleted from user devices when required. Also, look for the ability to remotely wipe any user’s account — including all of the computers and mobile devices they use — in the event that a device is lost or stolen.
You should also receive a detailed plan that defines the course of action in the event that data is in the wrong places, due to misconfiguration, maliciousness or error. Make sure that your prospective vendor has the capability to provide the level of control you expect.
There is no question that businesses can benefit from moving data to the cloud. The cloud is elastic and efficient. It can improve user productivity and unburden IT staff, saving time and money. It can accommodate anything from simple file sharing to mission-critical data backup. The question is, just how secure is your cloud? And how do you know?
There are major differences among cloud providers in their approach to security and their use of security technologies, processes, and personnel. These differences can have a major impact on the availability, integrity, accessibility, privacy, and compliance of your data — and can directly impact your business.
This slideshow provides a list of questions, developed by Syncplicity, that you should ask any prospective cloud provider, whether that is your internal IT department or a third-party cloud service provider.