The benefits of cloud computing are obvious: it eliminates high up-front infrastructure costs, lets you make nimble technology decisions, offers you virtually unlimited storage capacity, and receives regular software updates.
But how can you determine which cloud providers to trust with your data? We've compiled some questions you should ask to determine if a cloud provider is worthy of your trust.
You need to know that the cloud provider is serious about security. This means that they have more than just written policies in place. They need a full-fledged information security program that clearly outlines exactly how they protect your data. This should include a dedicated team focused on protecting your data and procedures in place for monitoring and responding to incidents.
If a cloud provider is committed to protecting your data, they will be vigilant about finding weaknesses in their service, and fixing them quickly. They should be conducting regular vulnerability scans and several penetration tests a year. On top of managing vulnerabilities, your cloud provider should also have structured security monitoring and response procedures (like file integrity and anomaly detection tools for alerting on abnormalities in the system ). That way, they can detect an incident and respond to it accordingly.
At a minimum, your cloud provider should comply with relevant security standards like the CJIS Security Policy and ISO 27001. They should also be able to do more than just say they comply with these standards. Your cloud provider should be able to demonstrate compliance, providing certificates and audit reports when asked.
As cloud technologies become more prominent, cloud providers need to encrypt growing amounts of data. But encryption capabilities aren't the only key to your data's confidentiality. You also need to know which people (if any) at your cloud provider can access your data and what tools you'll have to manage user access. Your cloud provider should provide detailed audit logs, so you clearly see who has done what and when.
Your original files should never be altered. Your cloud provider should be able to make that promise, especially for critical data like evidence. You should learn if the cloud service offers chain of custody reports and a deletion workflow that protects against accidental deletion of data.
If a disaster occurs, you should expect your cloud provider to weather the storm. Your cloud services should be robustly built and managed to handle any type of emergency. Business continuity and formal disaster management programs are necessary to ensure your data is available even after a disruptive event.
When it comes to trusting a business with your valuable data, reputation matters. Make sure your cloud provider is a company with a sustainable business model and a proven track record of supporting its customers. Evaluate a cloud provider's overall long-term viability, which includes financial health and cash resources, before making any commitments.
Interested to learn more about the cloud? Check out our latest whitepaper, "5 Key Considerations When Deciding Between Cloud vs. On-Premise."