Data Loss 1 | 2 | 3 | 4 | 5 | 6 You need to ask your cloud service provider what its data-protection policy is and what its audit procedures are. And then you should perform due diligence on those procedures. It’s vital to employ a carefully defined risk analysis of IT systems and […]
|
2|
3|
4|
5|
6 |
 |
 |
You need to ask your cloud service provider what its data-protection policy is and what its audit procedures are. And then you should perform due diligence on those procedures.
It’s vital to employ a carefully defined risk analysis of IT systems and procedures before deciding which cloud technology and service is best for your organization, writes Cyber-Ark VP Adam Bosnian in “Cloud Computing: Understanding the Risks and Questions to Ask Your Service Provider.� That analysis must be done before starting later steps such as creating service level agreements, remediation procedures and penalty clauses.
The four main stages in this analysis are as follows:
ID management and access control – Who is authorized to do what and when?
Regulatory requirements – Basel II, SOX, PCI, SAS70.
Data-handling processes – Where is the company’s data located? And how is it managed?
Staff management – What happens when someone leaves, comes on board or changes roles?
While cloud computing changes the data-handling ballgame significantly, the gap between network and cloud-based security analyses is not as great as some experts report it to be. (That is provided the IT security technology being employed – or planned – by the organization can handle cloud, as well as conventional, IT data-storage systems.) It’s necessary to assess the expectations that management and the business have for the cloud outsourcing contract. What precise functions must the outsourcing company complete? And to what performance and security criteria will that provider be held? The six questions Bosnian recommends are ideal for IT departments moving toward their first contract with a cloud provider. And be sure to read Adam’s full article, which elaborates on the answers that the IT department needs to be comfortable with before negotiating a final contract with a provider.
Enterprise Networking Planet aims to educate and assist IT administrators in building strong network infrastructures for their enterprise companies. Enterprise Networking Planet contributors write about relevant and useful topics on the cutting edge of enterprise networking based on years of personal experience in the field.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
