The Wrong Questions to Ask Your Cloud Security Provider

content1Selecting a cloud provider is a tricky thing. You need to find a provider who has everything you’re looking for — scalability, speed — and stays within your company’s budget. Online research is a crucial first step to finding prospects and learning about potential services — but research can only get you so far. Eventually, you’ll need to talk directly to your cloud provider hopefuls to see if what they offer will fit your need. Unfortunately, these one-on-one conversations can easily get off track, and you might leave the interaction with as little information as you started.
Providers are looking to make a client out of you, and while they want to answer your questions truthfully, they can’t give you the answers you need if you don’t ask the right questions. Here are some questions you might be tempted to ask your provider but shouldn’t, as well as the questions you should ask your provider, but might forget.

Why Shouldn’t I Just Buy My Own Servers?

The recent celebrity nudes scandal has brought to light the insecurity of the cloud, many experts are expounding the superiority of buying and using local servers instead of renting space in the cloud. It’s true: owning servers does offer companies a wealth of unique features. You can buy the exact storage capabilities you need; you can keep them inside the office to allow instant access; you can augment them as you please. However, while in-house servers do come with added security — you would be able to fully control physical security, for example — most companies can’t afford the initial and maintenance costs that accompany server ownership.

Questions related to costs and fees are much more likely to yield information you can use. If your company is right on the line in its ability to afford its own servers, it is important to weigh the pros and cons, and fully understanding the cost of services that come with cloud computing will help. Companies will have different rates for different usage, but by asking around you can usually find a rate that demonstrates how cost effective cloud computing is in comparison to server owning.

Have Your Systems Ever Been Infiltrated?
content2It makes sense to size up the power behind a cloud provider by learning about its past security breaches. After all, if they’ve been hacked before, it could demonstrate their laxity in security measures. Penetrated security seems likely to be penetrated again. However, this fails to take into consideration the fact that companies learn from their mistakes and drastically increase security measures after a breach.

Instead, a better question would be to ask companies what vulnerabilities they’ve historically found in their systems and what measures they’ve taken to remedy them. Some companies have always had strong security systems in place; Safenet cloud security, for example, has a proven history of continuous updates. However, even as security improves, hackers change their tactics, and companies’ responses to past attacks demonstrate their value as cloud providers.

Can We Get This Over With?
Far too many companies rush through to the end, when they sign the contract and start making payments, and fail to do any research at all into various services and security measures they are receiving. Just as if you were interviewing a job candidate, you must actually listen to your prospects’ answers to determine if they will work with your company to provide the most applicable cloud computing possible. While rates and past performance are key, there are myriad other small issues you’re likely neglecting to consider while cloud provider shopping. Here’s a brief list to get you thinking about what your company needs to get into the cloud.

• What are the encryption protocols used by the provider? For example, does the provider encrypt data while it is both in transit and at rest? How does the provider encrypt data? How does the provider manage encryption keys?
• How is data destroyed by the provider?
• What physical security measures does the provider take to safeguard its servers and data? How does the provider screen employees and contractors to prevent physical breaches? Who has physical access to servers?
• What is the backup recovery protocol? How often is data backed up? How many copies are made, and where are those copies stored? Is there a disaster plan in place?
• Does the provider have more than one server location? Is it possible to designate a preferred location?
• What will happen to data if the provider company fails or shuts down?

There are hundreds of questions to ask potential cloud providers, and each one is important in its own way. Make sure you do research and get real information out of your potential providers. Being stuck with an unsuitable provider is bad, and being stuck with a simply bad provider is worse. If you ask the right questions, you can avoid both situations.