Twenty Five Questions to Ask Your Cloud Provider

by NewsEditor_ on June 19th, 2015 in Security Tips.

Cloud computing provides centralized resources allowing for faster access and information sharing, but as the popularity of cloud services grows, companies need to ensure that their cloud vendors are reliable. Here are 25 important questions to ask your cloud vendor:

Location, Location, Location

Where is the data physically stored?
How are potential weather and environmental factors addressed through physical security features?
Does the cloud provider have a privacy program to ensure that legal requirements in their jurisdiction are adequately addressed?
Do they operate in several jurisdictions?
If yes, how does their privacy program ensure that the requirements in each jurisdiction are adequately addressed? For example, data centers owned by U.S.-based vendors, regardless of location, are potentially liable to search and seizure of data based on the US. Patriot Act.

Employees

Are employees required to sign confidentiality agreements?
What measures are taken if the confidentiality agreement is broken?
Is there an employee termination policy to ensure that access to client information is revoked upon termination?
Are identification cards or badges required for all on-site personnel?
How are employees screened before hiring?

Third-Party Access

Is any part of the work outsourced or do subcontractors have access to any company information?
Are external vendors required to sign legal agreements detailing their data protection and security requirements?
Are subcontractors required to use a secure e-mail service for communication related to the client?
How is evaluation of security practices and data protection completed for vendors working outside of the country?
How is confidentiality, integrity and segregation of personal information ensured?

Data Backup