Companies are realizing cost savings, scalability and less need for a full IT staff with cloud services. The following is a list of requirements a cloud vendor must meet to earn your trust.
2. What makes you trust a cloud
computing vendor?
• This is one of the hottest
topics in cloud computing
today
• Companies are realizing
cost savings, scalability and
less need for a full IT staff
with cloud services
• The following is a list of
requirements a cloud
vendor must meet to earn
your trust
3. Cloud Trust Factors (1-3)
1. Good, honest service procedures
1. Customer self-service with access to continuous
monitoring for security/audit purposes (i.e. users
identities and access - like Gmail)
1. Service Level Agreement (SLA) terms.
• Defines performance and reliability of the provider and
guarantees penalties if they fail to perform that level of
performance
4. Cloud Trust Factors (4-8)
4. Vendor’s infrastructure is in compliance with government
standards such as FISMA and OMB
5. Government/independent body certifications in data security
6. Confidentiality, integrity & availability of data
7. Option to test with non-sensitive data before importing critical
files
8. Established remedies for cross-border legal issues if the
provider is not in the same country as you
5. Cloud Trust Factors (9-12)
9. Ability to classify the sensitivity of your data before
entrusting it to the cloud
10. Clear definitions of the control that users have over
their data
11. Encryption key management and identity/access
management/audit ability
– 256 bit encryption is ideal
12. Clear security measures, not reliance on others to ‘do
the right thing’
6. Cloud Trust Factors (13-15)
13. Clearly established level of risk vs. potential value of
cloud services
14. Willingness of the provider to make needed
changes and to integrate their own security
processes with yours
15. Protection guarantee in the event of data loss or
breach
7. Keep Yourself Safe
• Ensure that the cloud provider
has:
– Good reputation in the
industry and within the
community
– SLA or terms of use set up
– A way to contact someone at
the company if needed
• Ensure that you:
– Never share information that is
too personal or
exposes/breaches to company
security if ever leaked
– Always have an online backup
plan