Last month I participated in a Microsoft Live Virtual Event at Microsoft’s Production Studios in Redmond, Washington called “A Look Ahead: Security in the Cloud” where I was asked various questions that are top of mind for customers as they consider acquiring cloud solutions. Here’s a link to that event where you can view my session and the sessions of other participants: http://aka.ms/sec_ondemand.
One of the primary questions that I addressed during my session is how a customer can identify a “trusted” cloud provider – which is of critical importance as customers entrust cloud providers to properly secure their data.
The key point is that customers need to engage in thoughtful due diligence when selecting a cloud provider. However a customer first needs to identify its team of professionals within its organization that will conduct such due diligence. That team may include an in-house lawyer, a representative from the chief privacy officer team, a representative from the chief security officer team, and a member of the risk management/compliance team. Once those folks are engaged, a customer can begin its cloud provider evaluation process and should focus its evaluation on these four considerations:
- How transparent is the cloud provider?
- How does the cloud provider protect data?
- How does the cloud provider embrace compliance?
- Does the cloud provider enable a customer to control its data?
Best of luck in your journey to the cloud!