How can you be sure cloud vendors will keep your data safe as privacy rules get tighter? Here are seven questions you need answered before signing a contract.
Cloud is quickly becoming the standard way of managing IT operations for many businesses. Many organizations are now so reliant on cloud computing services that they would not function at all without them.
For this reason, choosing the right provider is not a task to be treated lightly. In particular, understanding how a provider stores and processes a business's confidential data needs to be a top priority, especially in light of new regulations such as the EU's GDPR, which sets high standards for how personal data is handled.
There are a few key questions regarding data handling and security that businesses must ask when they are evaluating a potential cloud vendor. Here are seven that organizations need answers to.
1. How much control will I have over my data?
One of the top concerns for many firms when considering the cloud will be exactly who has control of their data once it is outside the business's direct oversight. Companies should gain assurances from their provider about what options they have to set and enforce policies throughout all stages of the data lifecycle, from creation to destruction.
2. Who will have access to my data?
Secure access control policies are another must-have before any company signs up with a cloud provider. These must detail what protections are in place to restrict access to data, what precise policies IT teams will be able to implement, and what steps will be taken to detect and block unauthorized access.
3. How do you monitor and document activity on my account?
Related to access control policies, cloud vendors must also be able to explain how they monitor what is happening within a user's account, including which users are accessing which files and when, who is making changes to settings or permissions, and how easy it will be to alert admins and revert to previous versions should any suspicious activity occur.
4. How specifically do you encrypt my data?
Understanding the encryption standards that cloud vendors apply to your business's data is also essential if you are to be confident it is adequately protected. Make sure you ask what standards they use for this (anything less than 256-bit Advanced Encryption Standard (AES) level encryption should be avoided), as well as how they manage their encryption keys.
5. What do you do to ensure my data is isolated from other users?
With public cloud providers hosting your digital assets in large data centers with many users' data sitting side-by-side on the same servers, what steps will the provider take to ensure your property is effectively isolated from that of other customers? Make sure the vendor can provide a detailed description of their virtualization tools to ensure no one else can get their hands on your data.
6. What happens if you lose my data?
Understanding the contingencies that a cloud vendor has in place in the event that data is lost, deleted or corrupted is another must. In particular, businesses need to know what level of data durability they can guarantee, as well as how many backup copies they keep in the event of a data loss incident.
7. What steps are in place to manage data migration?
A factor that's often overlooked when evaluating cloud providers is what happens when your relationship ends. At this point, the provider will hold huge amounts of critical business data, so it's vital that it is easy to extract this and migrate it to another provider. Will data be ported in an easily accessible format? How can the task be performed quickly and with minimal disruption? What assurances does the provider offer that all data will be removed from its servers?
Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.