Concerned about Security in the Cloud? – This is what you should ask your cloud service provider

Summary: Here is a list of questions that you should ask a cloud service provider, when thinking about running cloud solutions. If your cloud service provider can address them, it’s one of your choices — and should be good to stand in front of your IT department.

You are coming from a line of business and have seen the benefits that cloud services can bring to your organization and want to leverage them?

You don’t have the technical background as your IT colleague has, but you are also concerned that your critical data is stored in and accessible via the cloud? 

Here is a list of questions that you should ask a cloud service provider, when thinking about running cloud solutions. If your cloud service provider can address them, it’s the one of your choice… and should be good to stand in front of your IT department.

The questions are structured according to the top security concerns in the cloud that has been researched by various assessment of companies looking into cloud computing as a viable option to accelerate their business.

Identity Management

SaaS architectures involve Web-based applications and communication that occurs via the internet. The questions that should be asked here are:

Data Location

Giving your critical data in the hands of your cloud service provider requires trust. Thus it’s important to know where it is stored and how it is protected. To have peace of mind the following questions should be processed:

Data Storage

In a SaaS model, your data is stored in the data center of the vendor together with data from other companies. Thus, the following questions should be answered and compliance regulations should be addressed:

System Operations

Your provider must ensure that the general capabilities of secure and stable IT operations comply with industry standards and technology best practices. To achieve it, your vendor should be able to answers the following questions:

Data Transmission & Flow Control

SaaS uses the public internet to transmit data and therefore transmission security is required. Here the questions to be answered:

Miscellaneous

But Security it is not only about Certification & Data-center. The concept of a vendor needs to go far beyond that. It needs to address the operation of data, storage of data and e.g. the portability of my data because I might want it today on-premise and tomorrow in the cloud. 

Last but not least one major aspect should be highlighted when it comes to security – the culture. But more on this later.

Employees of a cloud vendor should have this security thinking implanted in their DNA. Be careful with your passwords. Lock your devices whenever you’re not working with them. Take security serious at an early stage of developing new software. Employees of SAP are experts in that topic. Every employee gets a wide range of security training and has to pass tests on a regular base.

Any remarks? If yes, please let me know. Follow me on twitter to stay informed about the hot topics around the cloud. Sven Denecken (@SDenecken)