Home 12 Questions To Ask a Provider About Cloud Security

12 Questions To Ask a Provider About Cloud Security

In our post yesterday, Amazon’s IT Director Jen Boden said that the company would never have considered using Amazon Web Services (AWS) did not provide a virtual private network. She further added that Amazon Web Services had recently completed a security audit, which helped her cause with auditors.

Bur Boden also had a level of resources available that could only come from a cloud computing provider. For the uninitiated, security is a daunting issue. IT is accustomed to controlling an IT environment. What you control in the cloud is a different matter. In the cloud, IT must be more aware of how data flows, tracking it more so than restricting it.

Mike Kirkwood makes this point in The Future of the Cloud: Cloud Platform APIs are the Business of Cloud Computing, the report ReadWriteWeb published today and now available for download.

He writes:

“In our emerging world of API communication and portable systems, a lot of security work will be focused on tracking the movement of data, rather than restricting it. Instead of minimizing the surface area of the enterprise, the next phase will be about tracking where all data is being shared, consumed, and altered.”

SaaS Chronicles has put together a good list that can help gain more insights into security and provide some additional context for the ways data does flow in the cloud:

  • Where will my data be stored?
  • Who will have access to my sensitive data?
  • What controls do you have in place to ensure safety for my data while it is stored in your environment?
  • What type of employee / contractor screening you do, before you hire them?
  • Will my data be replicated to any other datacenters around the world (If yes, then which ones)?
  • What is your Disaster Recovery and Business Continuity strategy?
  • Is your Cloud Computing service SAS70 compliant?
  • Do you offer single sign-on for your services?
  • How do you detect if an application is being attacked (hacked), and how is that reported to me and my employees?
  • Do I have full ownership of my data?
  • Will you provide me my data in a readable format – Pdf, Excel, Access…?
  • Do you offer a way for me to run your application locally and how quickly I can revert to

the local installation?

What do you think? What questions do you suggest asking about cloud security?

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.