The cloud is a great place to store your data, but you need to choose your cloud provider carefully. After all, there’s only so much you can learn about a company before signing a contract with them.
When you put your business data in someone else’s hands, it’s important that they are trustworthy and have your security interests at heart. The right questions can help make sure that’s the case. Here are eight tips to consider when choosing a cloud provider.
Make sure your cloud provider is SOC 2 certified.
Service Organization Controls (SOC) are recognized standards that auditors use to test a company’s controls over their data. SOC 2 certifications indicate a company has been audited by a third party and found to have proper controls in place to protect your data. Cloud providers that hold your sensitive data should have SOC 2 certifications, as well as other security certifications. This shows that they have been tested and have taken appropriate steps to protect your data. SOC 3 audits are by invitation only and can cost more than $100,000. SOC 1 auditors are not as rigorous as SOC 2 auditors. Be sure your cloud provider has a SOC 2 or equivalent certification to ensure they have rigorous controls in place to protect your data.
Ask how they store and transmit data.
How your cloud provider stores your data and transmits it will have a big impact on your security. If they store it on servers that are not encrypted, someone could break in, steal your data, and copy it. If they store it on servers that do use encryption, your data will be protected in case someone breaks in. Make sure your cloud provider uses encrypted servers and virtual machines to protect your data. While it’s important to know how they store your data, it’s also important to know how they transmit it. If they transmit it in the clear, it could be intercepted and read. If they use encrypted transmission protocols, no one will be able to read it, even if an attacker breaks into the provider’s network.
Check the SLA and make sure you understand it.
The service level agreement (SLA) is the contract between you and your cloud provider. It spells out what is guaranteed and what isn’t. Be sure you understand exactly what the SLA covers, especially with regard to security. If your cloud provider promises 99.99% uptime but isn’t SOC 2 certified, you may want to look elsewhere.
Make sure the SLA covers the following: how quickly security issues are dealt with, how quickly the network is restored in the event of an outage, and how long it takes to restore your data after an outage. All cloud providers guarantee a certain level of uptime, and most also offer a level of service in case of a major or minor outage. Make sure you know what happens if they miss their uptime guarantee. Will they compensate you with extra time on your contract or give you a credit? Make sure you understand the SLA in its entirety before signing a contract.
Check who has access to your data and how it’s transmitted.
If you store your sensitive data with a cloud provider, it may be accessed by their employees. Some providers have strict policies about handling your data, while others are less rigorous. Be sure to ask what sort of access their employees have to your data and how it’s transmitted. If they have full access to your data and transmit it unencrypted, it could be easily intercepted and copied.
This is especially important if your cloud provider offers managed hosting. Their engineers may need access to your server in order to maintain it. Make sure you know what sort of access they have and how they transmit data. For example, do they use a virtual private network (VPN) to log in or do they have full access to your server? If they have full access, they may be able to read your data.
Find out what happens to your data if the company is sold or goes out of business.
When choosing a cloud provider, it’s important to know what happens to your data if they go out of business or get acquired. Some providers offer an exit strategy. For example, they will let you export your data or take it off their servers. Other providers will keep your data for a certain period after the contract expires. If you decide to let them keep your data, be sure you know how long they intend to hold onto it.
Ask about their security practices and tools.
Find out what security practices your cloud provider uses. It’s not enough for them to say they have strong authentication for users and servers. You need to know what they actually do. For example, does their firewall use stateful inspection to actively review and inspect all communication? Do they use distributed denial-of-service (DDoS) mitigation services to stave off attacks?
Ask about all aspects of their security, including their ability to monitor unusual activity and respond quickly to threats. Some providers offer security tools, such as a firewall, intrusion detection system (IDS), and controls against malicious software. If you can’t find out what practices and tools they use, that’s a red flag. A reputable cloud provider will be happy to tell you about the security tools they employ.
Be wary of free services, especially when there’s no transparency about where your data is stored or how it’s processed.
Free cloud services might seem like a great deal, but there’s usually a catch. Be wary of free services and those that lack transparency about where your data is stored and how it’s processed. These services might be harvesting and monetizing your data for profit in ways that you don’t even know about. Before signing up for a free service, ask yourself if the data you’re entering is worth more than the cost of the service.
Be wary of unlimited storage promises and pay attention to how backups are handled.
Some cloud providers offer unlimited storage, but they might be storing your data in less-than-ideal conditions. Others promise a certain amount of storage but don’t say how they handle backups. Be wary of unlimited storage promises and make sure you know how your cloud provider handles backups. If they are storing your data in an off-site location, how quickly can they restore it if there is a problem?
The cloud is a great place to store your data. It’s secure, accessible, and scalable. However, you need to choose your cloud provider carefully. After all, there’s only so much you can learn about a company before signing a contract with them. When you put your business data in someone else’s hands, it’s important that they are trustworthy and have your security interests at heart. The right questions can help make sure that’s the case. Make sure your cloud provider is SOC 2 certified, uses encrypted servers, and has controls in place to protect your data. Make sure they store and transmit data using encrypted methods, and ask who has access to your data and how they transmit it. Choose a cloud provider that has security tools in place and uses best practices to protect your data.