Know the Cloud Provider’s Security Policies and Procedures

As discussed throughout this book, many clients are apprehensive about storing their data within the cloud. To reduce such concerns, the IT manager should thoroughly understand the provider’s security plans, policies, and procedures. Specifically, the manager should be aware of the provider’s multitenant use, e-commerce processing, employee screening, and use of encryption. The manager should examine the provider’s use of firewalls, intrusion detection, and security mechanisms. Again, many security factors should be defined within the SLA.

As you evaluate cloud providers, you should inquire as to the security certifications they hold. Common certifications include Systems and Organizational Controls (SOC 1, SOC 2, SOC 3), PCI, and HITRUST.