Questions You Should Be Asking Your Cloud Service Provider Jamie Tischart| CTO Cloud | SaaS, Intel Security
Questions You Should Be Asking Your Cloud Service ProviderJamie Tischart| CTO Cloud | SaaS, Intel Security
2
When Vetting a Cloud Service or SaaS Provider
Don’t make assumptions on what security is and isn’t included.
Perform in-depth reviews of the terms & conditions.
Each service will usually have different T&C’s, so review them all.
Find out how they handle data security and
privacy.
3
Security Questions
4
Do you outsource any of your
data storage?
Who has access to my data, both physically and virtually?
5
How do you handle legal
requests for data review?
6
What is your data architecture, and how is my data isolated from your other customers?
How and when is my data
deleted?
7
What certifications and
| or third-party audits are
performed on your service?
8
Privacy Questions
9
What data do you collect from my
organization, and how is it kept
private?
What is that data used for?
10
How long do you retain that
data?
11
Do you encrypt the data in any manner?
Where is the data
stored?
12
Do you roll up data and transmit it to other internal or
external entities, and if so,
how is it transmitted and to where?
13
Operational Questions
14
What is your database and
storage architecture redundancy
model?
What is your backup frequency?
15
What is the recovery time
from failure: minimum,
average, and maximum?
How can I access or download my data from your service?
16
Do you provide any analytic tools for my data?
In the event of data
corruption, what is the maximum data loss that I can
expect?
17
Conclusions• Do the groundwork. Review all of
your contracts. • If guarantees and offers are not clear,
ask for clarification.
• Be sure to know the security, privacy and operational practices and guarantees.
For more information
www.intelsecurity.com/cloudsecurity
Follow me: @Tischart