Having a cloud provider that is concerned with the cloud’s security may be one of the most important qualifiers when searching for your organization’s cloud service provider. You will want to know that your cloud will be a secure place to store data.
The desire to know that your cloud will be secure can make searching for a cloud service provider seem intimidating. To ease your search, here are a few tips on what to look for in order to have superior security from your cloud provider:
- You should have extensive knowledge of your own organizational regulatory requirements, a good system description and a list of the services you plan to outsource to the cloud to help you better target questions and decipher information from the cloud providers.
- Make sure the provider is aware of regulations that form the basis of data security compliance such as HIPPA, PCI/DDS, and FISMA?
- Providers should follow the American Institute of Certified Public Accountants (AICPA) regulations, including:
- SSAE 16 (financial reporting measures)
- SOC 2 and SOC 3 (addresses controls in non-financial areas)
- Learn what physical and logical security procedures the cloud provider has in place to protect and maintain IT infrastructure.
- Find out how physical resources are shared and, if necessary, destroyed.
Would these tips be helpful when searching for a cloud service provider, making them ripe? Or are these tips all hype?