Thinking About The Cloud? Here are the top 10 questions you need to ask any cloud services provider before you sign their agreement or agree to their terms of service!
Chances are your business is using some kind of cloud solution. From legal services to construction, organizations of all kinds rely on the cloud to improve collaboration, productivity, scalability, and to cut costs. But some are worried that using the Cloud isn’t secure. What do you need to know about the safety of cloud computing?
When selecting a cloud provider, you should do your homework. Your business needs a robust and comprehensive data security policy when it comes to the Cloud. And your cloud provider should play a role in the development and execution of this very important strategy.
It’s important that you trust your cloud provider. When considering a move to the Cloud, there are a number of security questions that you should ask in advance.
- Do they have a regular backup schedule?
Cloud computing has changed the way we store and recover data. Make sure your cloud provider deploys continuous backups of your data with redundancies. If you use virtualization they should be backing up your entire IT infrastructure and applications on a regular basis.
- Are backups stored separately from one another?
This adds an additional layer of security to prevent data loss. If one cloud storage goes down, you can restore your data from one of the other backups. Ask how this can further safeguard your information.
- Does your cloud provider perform regular security audits?
Will they give you the results of the audits? Any cloud service worth paying for should offer this. You need the assurance that your data will be safe from corruption, malware, system failures, or damage to the physical infrastructure where it’s stored.
- Will they encrypt your data? Who holds the encryption key?
Will your data be encrypted during transmission as well as in storage? Encryption uses an algorithm to transform information into unreadable ciphertext. It can only be decrypted with an encryption key. You should hold the encryption key.
- Most cloud providers offer a 99.9% uptime guarantee. This gives you the peace of mind that you’ll experience 8.77 hours or less of downtime per year. Do they offer an uptime guarantee in their Service Level Agreement (SLA)?
In some instances, they’ll offer a 99.999% uptime. This will cost you more but depending on your business, it may worth it. A 99.999% uptime guarantees that you’ll only risk 5.26 minutes or less of downtime per year.
- Do They Have A Disaster Recovery Plan? How Frequently Do They Test It?
This is a must. A Disaster Recovery (DR) plan is an essential part of business continuity. However, not all providers test their DR plans. Without regular testing and verification of your DR plan, you should be nervous about moving to the Cloud! You won’t know whether your backups are recoverable.
Your cloud provider must set Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for your critical data and applications. A reliable cloud provider will offer regular DR testing and ongoing monitoring, so you’ll know your IT assets are regularly backed up and always secure. Also, ask them to provide the results of their disaster recovery tests on a regular basis.
- Do they provide the IT compliance support you’ll need?
Will they give you periodic reports confirming your compliance with security requirements? Strictly regulated organizations like those in healthcare or financial services must ensure that their data storage and cloud computing processes comply with industry and government regulations such as HIPAA, FISMA, and PCI-DSS. Plus, you need the assurance that your cloud provider will be there for you 24/7 if you have any concerns about your confidential information in the Cloud.
- Will they conduct Security Awareness Training for your employees?
Your end users are the biggest threat to your data security. Human error is responsible for many data breaches. Your cloud provider should train your employees to recognize phishing attempts and counterfeit URLs and teach them to avoid being victimized by hackers. Knowing that your cloud provider can educate your users about good IT security hygiene is an important step to knowing your data remains safe.
- How do they authenticate and authorize access to your cloud resources?
Because your employees can now access your data from anywhere, it’s essential that your cloud provider has strong authentication and authorization policies in place and that your users are trained to follow them.
- What happens if there’s a security incident?
Cloud Service Providers generally are only responsible for monitoring, disclosing, and responding to security breaches on their infrastructure.
Your cloud service provider will make sure that only authorized parties have physical access to their data centers. They will run security appliances to address any issues of the network itself.
They will let you know if there’s a security incident and will address the infrastructure related issues for you. Any software-related incidents are your responsibility. And software access management is up to you to protect.
If your business uses any type of cloud solution, you need to be assured that your data and IT system will be safe. By asking these important questions and getting the answers you need, you shouldn’t be nervous about moving to the Cloud.
Check out our Blog articles to educate yourself about cloud computing and other IT topics such as these: