Security Questions to Ask Before Engaging With a Cloud Provider

Jan 2012

Posted by Samantha Morris

Concerns about security are one of the more prominent reasons why organizations choose not to adopt cloud services. However, we’ve seen a number of cloud vendors and service providers create and adhere to more comprehensive security capabilities as a means of getting organizations to adopt cloud-based services for complex and business-sensitive processes such as data backup and recovery.

There are many considerations that you’ll need to make before deciding to move your data to the cloud. It’s one of the most important things you’ll find yourself tasked with when you make the decision to further investigate whether or not the cloud is right for you and your business.

Here are some of the things you should consider:

Data Encryption

There are two things to contemplate when it comes to data encryption: is data encrypted once it is uploaded and, most importantly, is it encrypted while in transit to a remote site? The answer to both of these questions should be yes. You may find information out there that says there is some risk should you ever forget your online backup password, so it’s important to choose a password that you and another person on your team will remember. The way Asigra works is that we provide key escrow management and password support to ensure the data contained in customer vaults isn’t trapped should the backup administrator have a temporary bout of amnesia.

Securing data in transit should also be of high priority. While the risk is extremely low, it’s not impossible for data to be accessed in transit back to the service provider’s location.

Security Certifications

There are a number of cloud security and certification safeguards (FIPS 140-2, SAS 70/ISO27001, etc.) in place that document and control how data is handled and provide guidelines as to what a cloud provider’s and cloud customer’s rights are.

When you engage with an MSP, ask them about their security certifications. If you don’t recognize or are unfamiliar with their certifications, it’s paramount that you do your research to understand what those certifications mean for you and your business.

Federal Information Processing Standards (FIPS) 140-2

The National Institute of Standards and Technology (NIST) is an agency of the U.S. Department of Commerce that develops and promotes measurement, standards and technology. Federal Information Processing Standards Publications (FIPS PUBS) are issued by NIST.

FIPS 140-2 is the most current security requirement for encryption. It is not easy to obtain this certification and takes years of rigorous testing. If your prospective service provider is using a cloud backup platform that is FIPS 140-2 certified, you can rest assured that your data is safe at rest and in-flight.

Statement of Auditing Standards No. 70 (SAS 70)

The American Institute of Certified Public Accountants (AICPA) created the Statement of Auditing Standards No. 70 certification (SAS 70) to help customers know that their data center provider has effective internal controls in place for managing the design, implementation and execution of customer information.

With your organization’s assets residing in a SAS 70 data center, you can ensure that rigorous control standards demanding accountability and transparency are in place.

By using a Managed Service Provider that offers secure, encrypted, offsite disk-based data storage at a remote datacenter and holds security certifications, your business can protect itself from both data loss and the exposure of sensitive company and client data. The MSP becomes your partner and assists you with all aspects of protecting your company’s business-critical data.

The most important thing to remember is that while you may outsource the backup of your organization’s data to a service provider, you can’t outsource responsibility along with it. With a little due diligence, security in the cloud is never an issue. Check back next week for Part Two, where we will discuss multi-tenancy, to ensure the wrong hands never have access to your data, and service level agreements (SLAs) and what you need to look for to protect yourself.