Making the Leap to the Cloud: Is My Data Private and Secure? (Part 4 of 4)

November 4, 2013

Law in the CloudIn Part 3 we talked about the role that your organization plays in protecting your data, and the relationship between you and your cloud computing vendor. In this final installment, we offer advice on how to choose the right cloud computing provider. Here are some questions you should ask:

How many years have you been providing cloud computing solutions?

Look for a provider that has demonstrated years of experience in cloud computing solutions. Cloud computing has been around for more than 10 years, and the most experienced vendors have worked through all its complexities.

What class of data center do you use?

Look for providers that offer tier 4 data centers. Tier 4 data centers offer built-in redundancies that are important for protecting sensitive data.

Do you have backup data centers? Is my data replicated at multiple data centers?

Providers with backup data centers can ensure uninterrupted service in case of infrastructure failure. This will also demonstrate the level of investment the provider has dedicated to your cloud computing solution.

Have you ever had a security breach?

When and how will you notify me if there is a security breach? Hopefully, your provider has never had a security breach. If they have, find out what they learned from it and how they plan to prevent it from happening again. Also, make sure they have procedures in place to notify you if a breach does happen.

What experience do you have with the legal industry and the public sector in particular?

Attorneys have a duty to safeguard sensitive information, which makes many attorneys understandably wary about placing confidential data on a vendor’s servers. Make sure that your cloud computing vendor is sensitive to the security needs of attorneys, especially those in the public sector. Learning how they’ve secured sensitive data for other government organizations will help you understand their level of experience with the legal profession and public sector.

What is your largest customer?

The answer to this question can help you determine whether the size of your organization is a good fit with the resources the provider has to offer.

If I use your company to store my data, will it be accessible to anyone on the Internet?

There are two types of cloud computing services. The first type is public cloud computing, which hosts public applications like Yahoo and Google. These types of services are publically accessible via the Internet. The other type is called private cloud computing. These applications are restricted between the cloud computing provider and their clients who subscribe to the service. Most business applications are private cloud computing applications.

How will I be able to access my data?

You need to discuss the types of data access that your cloud computing provider offers. You should also discuss how you will receive your data should you choose to switch cloud computing providers and move your data to a new location.

Should I be concerned about the security of public wireless Internet connections, such as those at coffee shops?

Each environment carries its own set of security risks, and public Internet connections are no exception. However, most cloud computing solutions use secure encrypted communications. These sophisticated encryption methods help ensure that even if someone does intercept your data, they will not be able to decipher it. To ensure that you are running an encrypted connection, simply look at the URL of the web address. It should say “HTTPS://” not “HTTP://”.

What policies do you have in place to protect the privacy of my data?

Make sure the provider’s employees understand how to protect your data. Ensure that they have procedures in place to maintain their standards.

What types of security audits do you perform on your systems to protect me from hackers?

Look for providers that contract with third party intrusion detection audits. This demonstrates an ongoing commitment to maintaining the highest level of security.

What happens to my performance if your client base grows rapidly? Is your system scalable?

You should make sure your provider is monitoring the load on their servers and has a proactive plan in place to add servers if necessary.

How many clients do you have in your shared cloud computing environment?

Most providers offer a shared infrastructure. Make sure they have a significant number of clients using their cloud computing solutions. This demonstrates experience, client satisfaction, and scalability.

Can I visit a data center to inspect the facilities?

Many data centers provide scheduled tours of their facilities. These tours will highlight the data center’s physical security capabilities and technology.

How can you help me optimize performance if my applications don’t work well with your hosting?

Cloud computing providers should have technical experts on staff who know how to optimize application performance over the Internet.

How do you monitor your system performance?

Experienced cloud computing providers should have sophisticated tools for monitoring their servers and performance metrics. They should manage system availability and schedule system maintenance in a way that minimizes disruption.

How is your support team trained to protect the privacy of my data? What kind of support can I expect?

The support team at any cloud computing provider should have strict procedures in place for protecting the privacy of your data, and they should be enforced consistently.

Choosing a cloud computing provider is a big decision. But a good provider should be more than happy to answer your questions and help you find the right solution. And once you do implement cloud computing, you’re likely to find that it’s one of the best and most cost-effective investments your organization has made.