In a recent article in the Tech Republic, "Ask Potential Cloud Vendors These 10 Security Questions," Dominic Vogel discusses the top 10 security questions to ask potential cloud vendors.
There is an extremely high standard of security expected from cloud providers, so it is increasingly important to be diligent in the vendor selection process.
Vogel says, "before deciding to engage with a cloud provider, ask them to answer (truthfully) this security questionnaire to gauge their information security maturity." So here we go:
Does the organization have formal written information security policies? YES
Are external third-party contracts required to comply with policies and customer agreements? NO
Does the organization have a formal change control process? YES
Is physical access to data processing equipment (servers and network equipment) restricted? YES
Do they follow secure data destruction processes for confidential data and IT equipment/media? YES
Do they implement controls to segregate your data from other customers? YES
Does the organization encrypt (and regularly test) its backups? YES
Does the organization have regularly tested disaster recovery plans for data processing facilities? YES
Can they provide results of a third-party external audit conducted within the past two years? YES
Will they provide relevant certificates of applicable compliance certifications? YES
Feel free to reach out to me to go into any more details on these questions.