Basic Questions to Ask Your Cloud Security Provider
Choosing a cloud security provider isn’t easy. There’s a lot to consider, even when you’re just beginning to make a list of providers. Of course, you want to make sure that you can trust your provider, and we want to help you determine if they can meet your needs.
No matter where you are in your security evaluation process, it’s good to go in with some questions already in mind.
We’ve already covered some easy ways to increase your cloud’s security, and some of the basic risks. But if you’re considering a cloud security provider, we’ll give you a starting place for your evaluations. Here are three basic questions to ask your cloud security provider.
1. Where’s My Data?
It’s a simple but important question:
Where is your data going to be located? Is it going to be across several different servers, or a dedicated server, or some combination of both?
It’s important to know where your data is going to be stored and who’s going to be protecting it, especially if you have to abide by certain rules and regulations, as financial institutions do.
Knowing where your data is—or even better, your options for storing it—is incredibly important.
We recommend distributing your data across multiple servers to spread your risk, but your provider might know your use case better and may suggest other options.
2. What’s Our Worst-Case Scenario?
It’s something that not everyone wants to think about, but in this case, you have to. Ask potential cloud security providers questions like the following:
· Who do you call in an emergency?
· What happens if there’s a breach over the weekend?
· Who’s responsible for managing it?
· How will your provider alert you?
· What’s their procedure for when a client’s data is breached?
It’s important that you ask these questions. Your provider should be able to provide you with a definite answer that fits your particular needs.
Another critical question is how they might implement Zero Trust in their security practices. We’ve already explained how Zero Trust systems could have prevented some of the biggest data breaches of the last five years. You should be asking them the same questions too.
And if your cloud security provider can’t answer these questions, well, you can probably cross them off your list.
3. Who Gets The (Encryption) Keys?
I don’t think we’d have a blog post where we didn’t talk about cloud security and encryption.
We’ve only talked about how encryption can be that final line of defense that can keep some of your most sensitive data from being stolen. We’d be doing you a disservice not to mention it here.
Asking vendors how they handle encryption, particularly who controls the encryption keys, is a pretty basic question to ask.
Encryption works basically like a lock and key system. The encrypted files need a unique “key” to open them. Otherwise, they’re useless to an attacker.
In some cases, how your provider handles encryption keys can be a make-or-break question on whether you’d like to use that firm’s services.
We’ve already warned against vendor overreliance in previous blog posts. We recommend that if you’ve got particularly sensitive data (e.g. financial data), those encryption keys are better off in your hands than in anyone else’s.
Your ideal cloud security provider should be able to provide you with those keys. Just remember that those keys are unique, and keep them in a secure location. Otherwise, it’s a lot like losing the actual keys to your car (i.e. not fun).
While these questions are pretty basic, it’s important that you ask them anyway. Your provider needs to be honest with you about what they can or can’t do for you. Asking all of these questions about your data, encryption keys, and vendor reliability is necessary to give you that peace of mind when you’re considering vendors to secure your cloud network.