The Critical Cloud Security Questions That Need Asking

It’s a human tendency to reject that which we don’t understand and stick to what has been working. This is especially true when it comes to security of our data. Using cloud storage services can be risky. The goal here is to boost your confidence when it comes to using cloud services for your personal or business use.

Hackers, fires, burglars, idiots. Even if they're in the minority, all exist. There are over a million viruses, software scripts that can infect your computer without you even clicking anything, and codes that can delete your entire company. Most cloud services have a framework in place to protect your information from these risks and a security team monitoring such risks.

Related: Did You Know Trucks Are Already Driving Themselves?

In fact, cloud computing offers several security advantages. Such as immediate software patches, hardware and software redundancy, and employed specialists.

Yet, this still seems to be the number one risk when it comes to adoption of cloud services. Even if the cloud provider isn’t at risk of any sort of breaches, this will still be an issue for the prospective customer. As Raj Samani writes for Information Week, “the challenge has never been about security, but about transparency."

But has it?

According to Bloomberg in 2015, 80% of American Law Firms had security breaches. A couple weeks ago there was the Panama Papers scandal. 2.6 terabytes were leaked revealing ways the rich exploit offshore tax loopholes.

To this point, there is a need for regulation and education within the industry. While we may be far away from legislating the Cloud Computing industry, but there are organizations promoting best practices.

Enter the Cloud Security Alliance. Founded in 2008, the organization raises awareness of the best practices within the industry. Offering the most popular provider certification program and the first user certification.

For some companies, Cloud Service Providers may be more secure than what can is feasible in-house. So how do you know which of these providers offer the level of security your company needs? Ask them these questions:

What is my role and your role in the protection of my data? This way you can take precautions yourself and fill any security voids.

Where do the servers, processes, and data physically reside? It’s important to know which laws your data is liable to.

Who can view enterprise data in the cloud? How many of their employees can see your data? What sort of credentials do they have?

What is your service level agreement (SLA) for uptime? Important to know because of how reliant you are. The more reliant you are, the more uptime you need.

Do you allow customers to perform scheduled penetration tests of either the production environment or a designated testing environment? This allows you to see how vulnerable your system is to security breaches.

What protocols do you follow? This will give you an idea how diligent  security is within the company.