Saturday, October 10, 2009

Tips on Managing Risk in Cloud Computing

Because cloud providers run in a multi-tenant environment, they create the potential for enormous risk aggregation. Just one bad actor can open up all customers to a data privacy breach or interruption of services. To avoid becoming the casualty of these kinds of disasters, here are some questions to ask cloud providers.

  • Is the provider insured, and for what kinds of breaches: data privacy, network interruptions, business interruptions, cyber-extortion loss?
  • For how much is the provider insured?
  • Does the provider have customers in regulated industries (i.e., those governed by the Health Insurance Portability and Accountability Act or Sarbanes-Oxley)?
  • Can these customers be contacted for references?
  • Has a rogue employee ever disrupted the provider’s services?
  • How long does it take the provider to restore operations after a computer attack or unplanned system outage?
  • Within the past three years, has the provider ever been accused of a privacy violation by a business customer, consumer or government agency?
  • Does the provider have a third-party endorsement or certificate of its privacy process and practices?
  • Can it provide details?
  • Does the provider have specific privacy provisions in any subcontracting agreements?
  • Has a third party audited the provider’s network security processes and practices?
  • Can the provider offer details?
  • What data encryption services does the provider offer?
  • Which physical security measures does the provider have in place to control and monitor human access to its main servers and customer data?

2 comments:

  1. Greetings for my friends
    Ehm.. this posting is so good, it makes me know more about managing risk, thanks.... To get to know you more I followed your blog; if you agree, follow me back, thanks.... Good luck.
