Once you put your corporate data in the hands of a cloud provider, you lose control over how much care is put into keeping the data secure and handling it correctly. Here are some suggestions and ideas to help ensure that your data is handled carefully.
1. Personnel – Get as much information as you can about the people who are going to be handling your data. Ask about hiring procedures and whether thorough background checks are performed, and maybe even interview some of the employees.
2. Compliance – Request a risk assessment or some other type of security assessment. If the provider won’t supply one, that is an indicator that this provider should only be used to host non-critical or non-sensitive data. In the end, you are responsible for the security and integrity of the data, not the provider.
3. Visit the site – Ask the provider for some type of documentation stating where the data will be stored and stating that, if it is going to be moved, you must be notified so you can decide whether you are comfortable with the changes being made.
4. Data separation – The provider is obviously hosting data and applications for many other clients. It is important that your information is stored securely and separately from that of these other clients. You should be able to have your own virtual or even physical server for your use only.
5. Recovery – A few years ago I was visiting a local data warehouse where many local providers shared space from Cavalier Telephone to provide hosted services to their clients or for themselves. This space is called a bunker and is located right behind Cavalier Telephone here in Richmond, Va. As I walked down the aisle I couldn’t believe how many tape backup systems I saw in the enclosures. There were other people there and it seemed like most of them were there to change out tapes. Tapes! Are you kidding! Don’t they know how unreliable tape backup is and how long it takes to recover from a failure with tape? It is vital to ask about the recovery process, how much data could be lost, and how long the system will be down should it fail.
6. Business stability – Ask the provider to show you that they are going to be around. Ask for financial information, ask for references, and do a credit check (this is very inexpensive) to see if this is a stable business. Ask them how you will get your data back if you decide to pull it out later: what is the procedure for this, and how long will it take?
Take these measures to be sure that your company’s most valuable assets aren’t going to be at risk.