Validating the Cloud
You are considering a Cloud Services Provider (CSP)- a vendor providing services that you share with other users – you need to consider whether the potential providers can give you the data integrity and security required by regulations. As a consumer of cloud computing services, you will be sharing the backend infrastructure that provides the services with other users. This backend infrastructure includes things such as fiber optic data lines, database infrastructure, routers, switches, firewalls, wireless towers and communication lines, backup generators, and physical security. How can you assure that your Cloud provider will protect your data?
We will evaluate how your potential provider evaluates and manages risk, how your data will be segregated and secured from that of other organizations, who at their organization will have access to your data and how it is this controlled, how will they ensure that no one has tampered with your data, how is the entire system protected from Internet threats, how are activities monitoring and audited, what certifications do they have, and how well they understand how you intend to use Cloud technology. It will also give you an indication as to whether they are audit-ready in case your Regulator or customer requests an audit of your provider.