help button

Knowledge Center Links

link to blogs
link to blog talk radio
link to newsletters
link to frequently asked questions
link to cloud glossary
link to cloud security
link to white papers
link to cloud cube
link to current events
link to important websites

Security Questions

Before you sign a contract with a Cloud Service Provider, we strongly recommend that you have the answers to these questions:

  1. Where is your data?
    This is probably the most fundamental question because it impacts many of the remaining questions.
  2. Who has access to your data?
    This includes the administrators, help-desk personnel, support and repair personnel, even the janitors. How much of this functionality has your Cloud supplier outsourced, and therefore opened up channels into their environment and your data? Who has access to the data as it travels within your partners’ facilities?
  3. How is the data secured?
    Of course you are using encryption.
    • Is it appropriately strong for each class of data?
    • Who controls the keys?
    • Who has access to the keys?
    • How often are the keys changed?
    • How are the keys protected from loss?
    • Is the data ever decrypted in the Cloud?
    • If so, where, how, and who has the ability to do that?
  4. How are the applications secured?
    • Are they your applications or provided by a partner?
    • Who controls updates?
    • Who has access to the applications?
    • How does the Cloud impact your data life cycle management?
      Does your pre-Cloud life cycle management system integrate your data in the Cloud? How does the Cloud impact your archive and audit functionality?
    • How does the Cloud impact discovery orders?
      If a court orders discovery of data around specific topics, can you provide it quickly, inexpensively, and completely whether the data is in the Cloud or not?
    • How do you get your data into the Cloud at the beginning?
      One of the trickiest challenges with migrating to the Cloud is the transition. For any data you plan to store in the Cloud, you have to somehow move it to Cloud without shutting your business down. How long will it take? There are, of course, tools to help, and your CSP will be eager to help. But be careful that the use of those tools doesn’t compromise the confidentiality, integrity and availability of the data These questions should be answered specifically about the transition period.
    • How do you get it all back when you leave the Cloud?
      At some point you will change something, a universal truism. One of your Cloud Service Providers will go out of business, merge with one of your competitors, or otherwise become unacceptable. Some new technology or company will offer a better alternative, or your own business goals will require significant changes. Unlike moving into the Cloud, you may have a short time window and everybody may not be in the same cooperative mood they were when you transitioned in. Make sure you have an exit strategy, and make sure that exit strategy allows you to be sure that your data is no longer accessible through any prior partner.

    We can help. Contact Us with your questions.