Five Security Questions To Ask A Cloud Provider

22 Aug

Doing proper due diligence when searching for a cloud provider is absolutely imperative. Before you begin your search, you should come up with a list of pertinent questions to ask each provider to obtain a better understanding of how they operate. Of course, the price of services and storage capacity are important, but perhaps the most important questions will pertain to the security of your data. When choosing a cloud provider, consider asking these five questions.

Does Your Organization Have Formal Information Security Policies?

This may seem like a silly question when you first read it. However, surprisingly enough, plenty of people fail to ask this question. A trustworthy cloud services organization will have formal, wide-reaching policies for how they handle the security of your information and data. This may be outlined in a formal services agreement or may be an internal policy for the organization. Regardless, there should be an expectation created for how the cloud provider is going to make sure your data is secure.

Do You Require Any Third Party Services or Agreements?

It’s no secret that many organizations use third parties to make their product that much better or more robust. This should not scare you away from a provider, but it is something you should know. Perhaps a provider uses a third party data center or another provider for certain services. Does the third party group have the same standards you expect? A third party or subcontractor can add a great deal to a provider’s offerings, but they can also weaken their product if they don’t operate at the highest standards.

What Are Your Change Control Processes?

Organizations that apply changes or configurations in a hasty or unplanned manner more often than not experience issues and possible downtime. Make sure that the organization has a plan or policy in place for change control: the leading contributor to network outages is simple poor planning, which can be mitigated with proper planning and policies.

Who Has Physical Access To Your Data Center & Equipment?

We all consistently worry about how secure we are from online threats. However, physical, real-life threats must also be taken into account. This may not be thought of as often these days, but if a person can simply waltz past a security guard, open a few doors, and have access to a server room, you may want to rethink how secure their environment really is. If the organization allows it, you may even be able to take a tour of their data center and see first-hand how secure their physical environment is.

How Do You Segregate Data From Other Customers?

The rise of the multi-tenant (multiple customers on one server) environment has brought about new concerns for security. If a multi-tenant environment is not properly secured, a flaw in one customer application can mean everyone else’s data is vulnerable. Adding to this, ask what type of server administrator accounts the provider uses. For instance, a “system-wide” admin account should be used sparingly and not be the overriding norm. You can also use this as a chance to ask about private cloud solutions and how they compare.

We could go on and on about questions to ask a potential cloud provider, but this should provide a nice starting point. Of course, continuing to follow the Neovera Blog will allow you to brush up on your knowledge and we'll continually provide posts such as this to better help you when searching for a cloud provider.