12 Cloud Security Questions You Need to Ask Your Cloud Providers

Ask the right cloud security questions to find trustworthy providers

Worried that cloud computing puts your business’ critical data at higher risk?

You’re not alone.

British Telecommunications (BT) conducted a study to understand the attitudes of large organizations regarding cloud computing and security.

They found that 52% of U.S. survey respondents and 49% of global respondents were “very or extremely anxious” about the security implications of cloud-based services.

What’s puzzling is that this same study revealed that 79% of U.S. businesses and 70% of global businesses are using cloud storage and web-based applications.

You might find yourself in a similar situation — taking advantage of some of the benefits cloud technology provides (like disaster recovery) while still being nervous about the security implications.

On one hand, you realize the cloud offers companies like yours lower IT costs, greater scalability, more efficient workflow, etc.

But on the other, you’re afraid that bundled with those benefits are high risks of exposing your organization’s precious data.

So, you might ask yourself:

Is On-Site Infrastructure Safer Than the Cloud?

The answer is no, according to a group of IT professionals from medium and large enterprises who were surveyed by Clutch. 64% of them said cloud infrastructure is more secure than legacy systems.

There are 3 primary reasons for this:

• Cloud infrastructure is monitored at all times as a matter of course
• Cloud security measures are multi-faceted, implemented from the server all the way through to network and software levels
• Centralized management of cloud infrastructure ensures security systems remain up-to-date

We would add that in the explosively growing cloud industry, there are strong market incentives forcing providers to innovate, evolve, and continually deliver top-quality service — otherwise, they’ll be quickly upended by their competition.

Plus, it’s much harder to update and maintain outdated legacy systems at scale than it is to maintain cutting-edge cloud security systems.

On top of all that, it’s become an industry standard that cloud service providers audit themselves every year to ensure they are up-to-date, without any flaws in their system.

Hopefully, you’re now feeling a bit more secure about your company’s use of the cloud

But how can you make sure your cloud service providers are offering the security you need?

Ask Your Providers These Cloud Security Questions

By asking a lot of questions before you engage your cloud providers you’ll save you a lot of potential headaches down the road.

But if you’re like most companies who are already utilizing the cloud to some degree, now’s a great time to reevaluate your providers’ security practices so you’re aware of any potential shortcomings.

The following questions will help you gauge a cloud provider’s security expertise, along with any risks posed by their services.

This list of standard questions is a great starting point, but feel free to augment it as needed for your specific business:

1. What role does our company play in the protection of our data (if any) and what is your company’s role in protecting our data and mitigating security incidents?
2. Which specific data transmissions do you encrypt?
3. Where do our servers physically reside? Are there any legal ramifications regarding our data privacy we should know about for having our data stored in that location?
4. Who has access to our data in the cloud? What is your company policy for ensuring only authorized employees can access our data?
5. What uptime guarantees do you make in your standard service level agreement (SLA)?
6. What are your procedures for suspected security violations?
7. Do you perform penetration tests on your systems? If so, when was the last test, and what were the results?
8. How do you protect access to GUI’s and API’s?
9. What are your terms when it comes to ownership of data? How about any metadata we generate while using your service/platform/application?
10. What are your security measures for protecting your data centers and other facilities?
11. What level of technical support is included in your standard SLA?
12. Do you have a disaster recovery plan? How often do you test it? In the case of a data center disaster, where do you backup our data?

Finding the Cloud Security You Need

We recommend you ask these same questions to every cloud provider your company engages with. Once you get their answers, you’ll have a much better understanding of how exactly they can and will handle your business’ unique needs.

If you still feel the risks are too high or they didn’t give you satisfactory answers to tough questions, be ready and willing to say no to their services and start or continue searching for a high-quality cloud service provider you can trust.

Ensure your Cloud-Based Data and Applications are Secure

Contact us today for your free consultation and we’ll show you how our public and private cloud security services deliver scalable, flexible, and predictable solutions for your company’s specific security needs.
Schedule Free Consultation

Originally published at Solid State Systems LLC.