With the introduction of cloud services to our business network topology. It opens up a new set of questions that needs to be answered before you choose and implement any cloud strategy, especially in an age where the Internet Of Things (IoT) has opened up a new set of security risks to our business environment.
Here are 5 questions to ask before you roll out any cloud strategy.
- Cloud providers all want us to think that we have our “own space” that no one else has access to. Virtually this might be true but more than likely all the information from different companies all resides on the same physical machine. Make sure your cloud provider takes the necessary steps to ensure that no one else can access your data.
- Make sure that the data is encrypted when it’s in storage(rest) or when it is being sent (in transit). Make sure the encryption applies even when the data is being access by the cloud providers own applications. Be sure of what the provider does to dispose of your data when it is no-longer required.
- If the data can be accessed with a http command then your data can be accessed insecurely, make sure that the cloud provider uses the standard IPSec protocol to encrypt and authenticate access to your data.
- Make sure that whatever the provider used to build the platform (API) is not weak. Even with strong encryption and authentication practices a weak API will make your data easily accessible to those with fowl intent.
- The weakest point in any security implementation, IT or otherwise. Find out the extent of access the people at your provider have. Not only the people at your provider but make sure you know who access to what data on your internal network as well.
With vast amount of providers that do really good jobs at offering cloud platforms for business, you are really spoiled for choice for business but doing due diligence before going with any of them will help narrow the list of options.