Cloud Services Brokerage: Five Security Questions to Ask
Moving business applications and data to the cloud doesn’t shift the ultimate responsibility organizations have for protecting sensitive customer, patient and corporate data. Before partnering with a cloud services brokerage (CSB) — or any cloud service provider — it is important to know what measures it takes to ensure the data entrusted to it will be appropriately safeguarded. Getting suitable answers to the following questions will help you select the right cloud services brokers and cloud service providers when data security is a concern.
What is the cloud provider’s security architecture and policy?
It is important for you to understand exactly how your applications and data will be protected and the policies the cloud services provider follows to maintain the security of your data.
A cloud services brokerage can help you delve into the details of the various security architectures that different service providers will present and help ensure that your security needs are properly addressed.
How comprehensive is the service-level agreement (SLA) between you and the cloud provider?
A service-level agreement covers the minimum acceptable standards you can expect from your service provider, as well as what consideration you will receive in the event that these standards are not met. You need to ensure that your SLA has “teeth” — for example, a 30-minute credit toward your next month’s service doesn’t necessarily compensate your business adequately for a 30-minute outage to your e-commerce infrastructure that costs you thousands of dollars.
Not only is it important to negotiate SLAs that meet your business requirements — you also need to actively manage your SLAs. Here, too, a cloud services brokerage can help you negotiate and manage SLAs among your various cloud service providers.
Does the cloud provider understand your data preservation and protection needs?
Although all companies require some level of data preservation and protection, not all data needs to be equally preserved and protected. A cloud services provider that attempts to treat all of its customers’ data equally will inevitably fail to protect your most sensitive data adequately. It is important for you and your providers to truly understand the value and sensitivity of your data and your business requirements for preserving, maintaining and accessing that data.
Where does your data physically live? Do you have the cloud provider’s assurance that it will remain private?
Will your data be stored on a shared disk system? If so, how will the cloud services provider maintain the confidentiality and integrity of your data?
Is data portability part of the service provided by the cloud vendor?
In a nutshell, you should begin with the end in mind. At some point, it will be necessary to move your data. Whether it’s due to outgrowing your current service provider, or a new strategic direction, or an SLA failure, you need to know how your data move will be handled when that time comes.
This is a guest post by Shana DeLuca, Director of Product Management for Liaison Technologies (www.liaison.com), a global provider of cloud-based integration and data management services and solutions. She is a subject matter expert in cloud computing, specifically as it affects complex data integration, data management, data security and data transformation across many different vertical industries. She was also a contributor to the recently published e-book, “Cloud Services Brokerage for DUMMIES®”.
Photo source: https://www.sxc.hu/photo/568474