If you’re like most companies and you’re about to store LOTS of data in the cloud with a new SaaS provider, you do your homework. Hopefully you’ve done your cloud security research before you sign the dotted line. Below are key questions you should be checking off your list before putting crucial data in the cloud.
Has your cloud provider had a SOC2 Type II audit against the WebTrust Security Standard? This external audit is conducted to verify independently that security practices at the cloud provider meets the WebTrust standard which is a best practice. Any cloud service that has had an audit would have this on file to share with you.
Does your cloud provider contract with a 3rd party to conduct penetration testing on an annual basis? This is also a best practice in the industry – ask a cloud provider to see the results of their latest tests.
Is the provider open with encryption practices? Make sure you understand how keys are generated, where they are stored, and who has access to them. Ask about what types of encryption algorithms are being used. And if you’re not a PhD in Computer Science – fear not… just ensure that they are using an industry standard algorithm such as AES or RSA. You should feel confident that your data is always secure.
Looking for a more comprehensive checklist before you purchase a cloud-to-cloud backup provider? Check out our complimentary eBook: “How to Choose a Cloud-to-Cloud Backup Provider”.