The small to medium-sized business market is beginning to heat up, with more and more companies touting the title “cloud provider.” And since the technology and its delivery are so new, universal regulations for cloud computing compliance and security simply do not exist. There are no governing bodies over the cloud computing industry as a whole like there are over accounting or food processing, for example. So how do you know which are the trustworthy companies? How do you know your data is not in the basement of someone’s home? How can you know their passwords aren’t the same for every account they service?
Making the jump to cloud computing can be a daunting task, with many things to consider. So we want to help you identify the trustworthy cloud provider. A few questions to ask as you’re considering providers:
- Where is the information stored? Ask about their data centers. Where the information is physically stored is a big deal. A typical office building can’t ensure the type of security and environmental controls needed to safely house your data. In addition, some so-called data centers are nothing more than dressed-up commercial office space, with little thought given to redundancy and security.
- Who can access the system? Someone will be accessing it, but are they trustworthy? How a company screens potential employees is a crucial element in maintaining your security. Does ex-con Uncle Fester get a seat at the help desk?
- What can they access? Ask for specifics about how they tier their access. Everyone shouldn’t be able to see everything, only the right people. Choose an IT provider like you choose a friend: Do you trust them? Do they understand your needs and concerns? Do they have your best interest at heart or are they looking to make a quick buck?
- Is the access appropriate? Access to underlying infrastructure should parallel that person’s job role. Examine the provider’s corporate policies in line with the “who, what and why” of data security.
- Do they have a third-party audit for security and processes? Ask your prospective provider about the SAS 70 Type II audit. In a cloud context, the Statement on Auditing Standards No. 70 is a report by an external auditor verifying that the appropriate controls, processes, and provisions are in place to effectively maintain your data security.
They may not come up on the putting green, but you should include “compliance” and “security” in your IT vocabulary. The ramifications of poorly secured data and applications are huge. Your company’s credibility depends on your IT provider’s ability to develop and adhere to specific compliance standards.
Claris Networks is a Cloud Provider serving the Knoxville and Chattanooga areas in Tennessee.