5 Questions to ask a 3rd Party Cloud Provider




Effective Data, Inc.
White Paper: 5 Questions to ask a 3rd Party Cloud Provider
By Timothy Wightman

1515 E. Woodfield Rd. Suite 200, Schaumburg, IL 60173
Tel (847) 969-9300 | Fax (847) 969-9350
www.effective-data.com

TABLE OF CONTENTS
Introduction
What is Cloud Computing
5 Questions to ask a 3rd Party Cloud Provider
Conclusion
About Us

Introduction

Many businesses have evaluated their current IT infrastructure and determined that outsourcing data to the cloud is more efficient and cost-effective, since the cloud allows data to be accessed from anywhere in the world. Third-party cloud servers give businesses efficiency and flexibility, since companies use as much or as little storage capacity as they need.

About Effective Data (ED)

We specialize in EDI Consulting and Data Integration. Founded by EDI experts, ED has been a pioneer in the electronic commerce consulting arena for over 22 years. Effective Data's core competency is developing and managing technically robust EDI solutions. With each project, our EDI Specialists collaborate to identify key business objectives, define a solution and continually manage the project through implementation. This is all prepared with a thorough understanding of industry standards, best practices and technology.

ED has supported companies of all sizes and in every industry. We are a vendor-agnostic company that does not endorse any single product or service. We work with all EDI, EAI and B2B platforms. Headquartered in the Chicagoland area with satellite offices throughout the United States, we are prepared to provide all your EDI and Data Integration needs nationwide.

What is Cloud Computing?

In computer networking, cloud computing is a phrase used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. It is very similar to the concept of utility computing. In science, cloud computing is a synonym for distributed computing over a network, and means the ability to run a program or application on many connected computers at the same time.

The phrase is often used in reference to network-based services, which appear to be provided by real server hardware, and are in fact served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up or down on the fly without affecting the end user, somewhat like a cloud becoming larger or smaller without being a physical object.

In common usage, the term "the cloud" is essentially a metaphor for the Internet. Marketers have further popularized the phrase "in the cloud" to refer to software, platforms and infrastructure that are sold "as a service", i.e. remotely through the Internet. Typically, the seller has actual energy-consuming servers which host products and services from a remote location, so end-users don't have to; they can simply log on to the network without installing anything.

The major models of cloud computing service are known as software as a service, platform as a service, and infrastructure as a service. These cloud services may be offered in a public, private or hybrid network.

Source: Wikipedia

5 Questions to ask a 3rd Party Cloud Provider

1) What is your data encryption policy?

Your vendor should have a policy of encryption for all data in transit, at rest, or in mobile devices. Pay particular attention to the vendor's data decryption process. By failing to encrypt all data, you risk information compromise or serious regulatory compliance issues. The highest standards for encryption are 256-bit Advanced Encryption Standard (AES) SSL for transit, and 256-bit AES for data at rest, approved by the National Security Agency and used globally.

A note about decryption: This is the process of decoding data that have been encrypted into a secret format. Decryption requires a secret key or password. Pay particular attention to the vendor's data decryption process. It needs to be easy to use but also totally secure. It's just as important as the vendor's encryption policy. If you encode messages (or information) in such a way that hackers cannot read them, but those who are allowed to decode them cannot read them either, there could be a problem.

2) How do you manage encryption keys?

Many security breaches occur because of lax management of the encryption keys. When evaluating third-party vendors, make sure the company provides separation between the encrypted data and the encryption keys. You should expect candidates to have separate data centers; this provides enhanced security by eliminating a single point of failure. Examine the vendor's business process to determine the extent of access to data systems by its employees, which should be strictly limited. The process should have safeguards to ensure that encrypted file data and the correct file version encryption key are brought together only as needed.

3) What data protection certifications do you have?

Vendors earn certifications for a broad range of tasks, ranging from information handling at a particular data center to business practices for protecting information. If you want the very best in data security, select a company whose data centers passed a SOC 1 audit under SSAE-16 guidelines (formerly called SAS70 Type II) and were tested by outside auditors. Data centers that pass the SSAE-16 audit have completed meticulous requirements related to physical security, physical access, and internal business controls. Also question the provider about the process for destroying data. The company should answer that it follows and complies with Department of Defense 5220.22-M or NIST 800-88, the standard for disk erasure.

4) What is your standard for data durability?

It is mission-critical to have your data available 24/7, 365 days a year, and without corruption. The standard for this service to be considered excellent was 99.999% ("five nines"); however, some vendors now offer 10 or 11 nines. Your cloud storage provider should back up all data in triplicate at various data centers. This protects against connectivity issues or a data center going down unexpectedly. The backup data should synchronize automatically and immediately.

5) How much control do I have over data stored in the cloud?

You may want to maintain control over data for its entire lifecycle. This includes when and how your data streams, how it is physically stored, and how you manage creating data or capturing files, documents, or messages. Make sure the vendor has policies that complement your need to upload content and manage users' accounts or devices that have the ability to access or make changes to the system. Evaluate the vendor's plan for unexpected incidents, such as sending data to the wrong location because of errors, configuration problems, or malicious intent.

These 5 questions to ask a potential cloud computing outsourcer are by no means comprehensive, but should help in your search to find the right partner.

Conclusion

Take Action
Visit us on the web at www.effective-data.com
Call us at (847) 969-9300
Schedule a business case assessment
