Cloud security is an important topic for many reasons, not the least of which it is one of the primary reasons businesses prolong moving to it. In a Gartner “Is the cloud secure?” report republished in March of 2018, Jay Heiser Gartner research vice president, offers insight into the subject. In part Jay notes:
“The challenge exists not in the security of the cloud itself, but in the policies and technologies for security and control of the technology. In nearly all cases, it is the user — not the cloud provider — who fails to manage the controls used to protect an organization’s data.”
This made me think, what questions should I ask my cloud provider? Here are my top 5:
- What measures do you take to destroy data after it is released by customers?
- What physical security measures, processes, and monitoring capabilities do you have in place to prevent unauthorized access to your data centers?
- How do you screen your employees and contractors?
- What security certificationsdo you possess?
- Do you encrypt data in transit and at rest?
You should expect your provider to be able to answer these questions and the answers should give you the warm and fuzzy.
Up next: What the heck is the difference between a public, private and hybrid cloud?
Click here for our previous post, “Cloud Security – Phishing”