Cloud computing places the burden of security on the provider, but doesn't relieve you of the responsibility for protecting personal and sensitive data. Therefore it becomes essential to conduct a thorough review of the provider's security to ensure good governance. This means inspecting their information security policy and procedures against proven standards, such as ISO 27001.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
You must also ask for proof of their staff vetting and management processes, as well as their technical infrastructure. They must be able to assure you of their data security controls, such as encryption of data, both in transit and at rest. The provider should be able to demonstrate that it conducts regular, independent audits and penetration tests, and be willing to share the results with you. Your contract should also give you the right to conduct audits and tests of your own.
Related Q&A from Peter Wood
When sensitive documents are frequently travelling back and forth between a company and its business partners, email security becomes very important....continue reading
In this expert response, Peter Wood explains the difference between database activity monitoring systems and security information and event ...continue reading
In this expert response, Peter Wood outlines some alternatives to NAC systems, and explains why, sometimes, NAC systems really are the best choice.continue reading