Top Security Questions CIOs Should Discuss With Their Cloud Provider

blog image_3-25

The lack of comprehensive preparation for a cloud transition can create problems. We know that your time is valuable, but we strongly encourage CIOs to invest the time to compile and study research about the cloud infrastructure prior to making the actual transition to the cloud. As the point person, this investment of time will give you the ability to address questions, perform due diligence and make informed decisions that you can then share with your team. Below are a few topics you should be sure to investigate:

What is the Uptime Gaurantee?

We encourage potential clients to discuss the uptime guarantees and inquire about a formal change control planning policy. We recommend this because without a formal change control policy, you could run into extensive and costly downtime, especially if you’re dealing with time-sensitive data. You should also request written copies of both of these items.

Your ideal provider should be able to display a 99.999% uptime guarantee with no expected network-related downtime. Ask for their service level agreements.

What are the Data Center’s Security Policies?

During your initial conversations, ask your cloud provider for a copy of the formal information data security policy and all partner policies pertaining to security. The provider you eventually choose should have a firm commitment to the creation and maintenance of strict and extensive security policies and controls. They have an obligation to clients concerning data security, and you need to feel comfortable with the security structure they provide. The company policies should be in writing.

What are the Data Center’s Audits and Certifications?

Additionally, companies can decide to submit to a voluntary audit that tests for the most stringent security controls with compliance standards set forth by the American Institute of Certified Public Accountants (AICPA) standards. If a provider has done this and receives excellent ratings, it’s a major achievement. Another topic for you to explore is certifications.

What are the IT Security Budget Projections Going Forward?

A recent study by industry giant Gartner shows a tremendous change in IT security budgets by the year 2020. The projection shows a 75% allocation of IT security budgets earmarked for rapid detection and the deployment of response tactics. This projection shows a 65% budget increase from 2012, when the security allocation was only 10%.

Given the tremendous increase in data security breaches such as those at CitiGroup(1), Target(2), Neiman Marcus(3), Heartland(4), Michaels(5), and gaming sites(6) in the last few years, the response is understandable.

There are three areas that require extra attention: the first being security in general, the second is mobile security, and the third is social media. The Gartner Key Challenges post contains information that’s very informative and worth your while.

What About Data Storage?

There are a number of questions that you need to ask about data storage. To begin with, simply backing up your data is not enough.

You need to understand your data and what you’re storing along with the following:

  • How quickly and how often do I need to access the data?
  • Does the data need to be retained for months, years, or some other timeframe?
  • How much security does the data need? What about mixed security levels?
  • Are there legal regulatory requirements that need to be adhered to such as data pertaining to healthcare regulations, and/or the financial industry?
  • Is there limited access?

What Staff Support is Available?

In addition to the other things you should consider, it’s a major asset to find a provider staffed with a team of high-level engineers who are very comfortable in agile, project-oriented cloud environments. The staff should be highly skilled in practical program and project management as well as software development and the methodologies of software development life cycles. The last thing you need are low-level techs.

With this type of advanced support, your internal IT team is free to concentrate on their key projects without having to contend with server maintenance, updates and repairs.

This question is just for you: How Much Do You Understand About Infrastructure-as-a-service (IaaS)?

There are many important benefits to explore in order to make informed IT architecture decisions for your business based on immediate and future needs. Our recent post will give you a very comprehensive IaaS overview, and it may also raise some productive questions that we can discuss.

We invite you to take advantage of our complimentary consultation, during which we can answer your questions and provide you with additional information. Send us a message or call us at (855) 785-9993. We welcome the opportunity to speak with you.

Share this Blog Post
Share on Facebook0Share on Google+0Share on LinkedIn20Tweet about this on Twitter0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>