Cloud Security – The Top 5 Questions for Your Cloud Supplier

Cloud Computing, often referred to as “The Cloud”, is a term that businesses are rapidly becoming excited about. The excitement stems from the Cloud’s massive potential for delivering powerful computing resources at a much lower cost than “traditional” systems.

There is still some reluctance to use the Cloud and one of the main concerns is over security because systems and data are no longer held locally. But should these concerns be “show stoppers”?

“Not necessarily, and in many cases certainly not”, says Martin King-Turner, Managing Director of The National B2B Centre.

So how should you approach the issue of Cloud security? Perhaps the first thing is to recognise that computing resources delivered via the Cloud, whether we are talking about business applications, data storage or virtual servers, are delivered as a service.

This means that the emphasis switches from pure product evaluation to a process of supplier selection and due diligence. You need to apply the same rigour in choosing a Cloud service supplier as for any other important (potentially “mission critical”) business service supplier.

The key is to approach Cloud security in the same way that you approach other business decisions – namely:

  • Understand the issues
  • Ask questions of potential suppliers
  • Evaluate their responses.

So what are the most important security issues and what responses should you look for? Here are our top 5 questions for potential suppliers:

  1. Where’s my data? Data stored “in the Cloud” still resides somewhere! It won’t be on your premises, but your Cloud supplier should be able to tell you where your data is stored. All UK businesses holding personal data about third parties – e.g. customers – must comply with the Data Protection Act. When using cloud computing services, your data can be stored outside the European Economic Area – but your business is ultimately responsible for that data. You should also ask your supplier what facilities they provide to enable you to take a local copy of your data if you want to.
  2. What are the service level agreement (SLA) terms? The SLA serves as a contracted level of guaranteed service between you and your cloud supplier. It specifies what level of services will be provided and should also specify the level of responsibility the supplier will take for security, functionality and continuity of service. It should also detail any provisions for compensation in the event of a security breach.
  3. Who has access? Many security breaches involve insiders. Ask who has access to your data and what types of controls are applied to these individuals.
  4. What is the long-term viability of the supplier? How long has the cloud supplier been in business and what is their track record? If they go out of business, what happens to your data? Will it be returned, and if so, in what format?
  5. What is the disaster recovery plan? While you may not know the physical location of your services, they are physically located somewhere. All physical locations face threats such as fire, storms, natural disasters, and loss of power. In case of any of these events, how will the cloud supplier respond, and what guarantee of continued services are they promising?

Knowing the answers to these questions will help you understand and quantify the security risks associated with a Cloud project. And whilst security is indeed a consideration, you may well conclude that the ability to reduce cost, to increase your business flexibility and to improve the technology capability of your organisation are benefits that far outweigh any security risks.

If you are considering a Cloud project for your business and need help understanding security, or you simply aren’t sure where to start, call Martin on 02476 620158 or email martin.kt@nb2bc.co.uk to discuss your requirements.