Selecting a Cloud service provider (CSP) isn’t just about picking the better deal that fits your company’s budget. The cloud provider framework is where your data will be stored and, more often than not, data plays a huge part of the day-to-day running of a business. Therefore, it is essential to go over other key points that make sure enough efforts are done to provide you with available, confidential and unchanged data. It is essential that your CSP voluntarily discloses this information on how your data will be stored whenever you need it. Infact, doing such checks will only be possible if the provider has transparent processes and procedures. Transparency plays a huge factor in this. You can read more about Transparency & Trust within the cloud environment, in my previous article.
Cloud computing is a relatively new concept, unexplored by most. If you feel uncomfortable choosing the best CSP for your data, find an expert in the area. A neutral third-party assessor can help you decide if the cloud computing service provider you picked is the right one for your businesses’ needs.
Here are 5 tips to look for when seeking to protect your data in the cloud:
Make sure the data is not stored in one site, regardless of how well equipped & prepared this one site is. Multi-site storage can be considered as a bare necessity. One site will never be able to save your data when hit with a disaster. If multi-sites are available make sure data is actually scattered across multiple sites. Never assume your data is scattered when your provider claims to have multiple sites. Verify it. Having your data clustered in one site defeats having multiple-sites.
If your data is scattered across multiple-sites your should know what will happen to your data and service for when a disaster occurs. You should also know of any restoration capabilities and length of said restoration.
A Cloud service provider may make efforts to hide your data, but the truth is, data exists on the same hardware. Encryption is effective however, it’s not the only solution. Get your provider to give you more information on methods employed to segregate data and proof of effort to protect a customer’s environment. Make sure they are stable, encryption problems may cause your data to become completely unusable, affecting availability of your service.
Long Term Viability
When you first sign in the provider’s T&C you’ll read about the efforts done to protect your data. However, if your cloud computing provider goes broke or get acquired by a larger company you should be sure your data will remain available and private even after such an event. Ask your provider about data liberation methods and how to get your data back.
Privileged User Access
If your cloud provider adopts a hierarchical structure make sure you know who can get access to your data. Especially if you have sensitive information which you don’t want to share.
Check up on the company’s data handling policies, and not just that. See what happens when the company hires, terminates any of its administration team. It’s also good to know if the company runs any periodical audits to list privileged administrators, and the controls over their access.
- Transparency & Trust in Cloud Security (securopia.wordpress.com)
- How to Choose A Cloud Storage Provider: Security (informationweek.com)