
Internet Security Questions for the Cloud Provider | Optiv

February 04, 2014

When considering a move to the cloud, there are a number of security questions to ask as you select a potential cloud provider. Almost all analyst and industry surveys list privacy and data security as a top concern for CIOs and CISOs. Through our years of moving SMBs and large enterprises to the cloud, we’ve compiled a list of questions to help you determine the level of security the provider offers.

1. What is your data encryption viewpoint, and how do you encrypt data? Do you encrypt data at rest or in transit? Is there an encryption offering, and if so, what level of encryption, and what data protection certifications do you currently hold?

2. How do you manage the encryption keys?

3. Do you offer periodic reports confirming compliance with security requirements and SLAs?

4. What certifications for data protection have you achieved?

5. Who can see or have access to my information? How do you isolate and safeguard my data from other clients?

6. What are your disaster recovery processes?

7. What are your methods for backing up our data? What offerings are available to back up data?

8. Where is your data center, and what physical security measures are in place?

9. How do you screen your employees and contractors?

10. What actions do you have in place to prevent unauthorized viewing of customer information?

11. What actions do you take to destroy data after it is released by a customer?

12. What happens if you misplace some of my data?

13. What happens in the event of data corruption?

14. How is activity in my account monitored and documented? What auditing capabilities are provided: Admin/MGMT, Billing, System Information?

15. How much data replication is enough, and what level of data durability do you provide?

16. How much control do I retain over my data?

17. Can I leverage existing credentials and password policies? Do you offer SAML/SSO capabilities for authentication? What types of multifactor authentication are supported?

18. Can I disable access immediately to my data in the event of a breach?

19. Can you continue to provide protection as my workloads evolve? How scalable is the solution, including disaster recovery?

20. How often are backups made? How many copies of my data are stored, and where are they stored?

21. How reliable is your network infrastructure? What certifications do you currently hold for your data centers?

22. What is your current uptime and SLA option? What if the SLA is not met?

23. Do you alert your customers of important changes like security practices and regulations or data center locations?

24. What country (or countries) is my data stored in - both on your infrastructure and for backups?

25. Will my needs be served by dedicated instances/infrastructure or shared instances/infrastructure?

26. Will my internal and external incident response resources be able to access your infrastructure in the event of an incident? If not, how will you perform the investigation on my behalf?

27. What third-party security validation can you provide me with? How often do you have external assessments performed?

28. How do you dispose of end-of-life hardware?

29. How do you dispose of failed data storage devices?

30. What is your process for responding to a legal hold request?
