informa
Slideshow

10 Security Questions To Ask A Cloud Service Provider

Help the business assess the risks of cloud services with these handy questions.
Do you keep a signed audit trail of which users performed what actions when, both through their UI and API?
 What is my role and your role in the protection of my data?
 Do you encrypt all data transmissions, including all server-to-server data transmissions, within data centers?
 What access do you provide to logs?
 What is your termination or ‘exit process’ for ensuring successful transition from your services to an alternative offering?
 Where do the servers, processes, and data physically reside?
 Who can view enterprise data in the cloud?
 What is your service level agreement (SLA) for uptime?
 Do you have ISO27001:2013 certification? And if you do, what is within its scope?
 Do you encrypt all data transmissions, including all server-to-server data transmissions, within data centers?
1/10

As security teams try to help line-of-business users and other IT practitioners take advantage of cloud benefits as safely as possible, they're increasingly stepping into the role of trusted advisor. The scalability, flexibility, and convenience of software-as-a-service (SaaS), infrastructure-as-a-service  (IaaS), and platform-as-a-service (PaaS) offerings frequently come at the cost of added risk to the business. It is up to information security pros to help evaluate potential providers to best evaluate where those risks are coming from.

Dark Reading talked to a number of experts to come up with 10 must-answer questions that security personnel should get the business in the habit of asking before signing a service agreement.

Image: Pixabay

 
Next slide
Recommended Reading: