Questions You Should Be Asking Your Cloud Service ProviderJamie Tischart| CTO Cloud | SaaS, Intel Security

2

When Vetting a Cloud Service or SaaS Provider

Don’t make assumptions on what security is and isn’t included.

Perform in-depth reviews of the terms & conditions.

Each service will usually have different T&C’s, so review them all.

Find out how they handle data security and

privacy.

3

Security Questions

4

Do you outsource any of your

data storage?

Who has access to my data, both physically and virtually?

5

How do you handle legal

requests for data review?

6

What is your data architecture, and how is my data isolated from your other customers?

How and when is my data

deleted?

7

What certifications and

| or third-party audits are

performed on your service?

8

Privacy Questions

9

What data do you collect from my

organization, and how is it kept

private?

What is that data used for?

10

How long do you retain that

data?

11

Do you encrypt the data in any manner?

Where is the data

stored?

12

Do you roll up data and transmit it to other internal or

external entities, and if so,

how is it transmitted and to where?

13

Operational Questions

14

What is your database and

storage architecture redundancy

model?

What is your backup frequency?

15

What is the recovery time

from failure: minimum,

average, and maximum?

How can I access or download my data from your service?

16

Do you provide any analytic tools for my data?

In the event of data

corruption, what is the maximum data loss that I can

expect?

17

Conclusions• Do the groundwork. Review all of

your contracts. • If guarantees and offers are not clear,

ask for clarification.

• Be sure to know the security, privacy and operational practices and guarantees.

For more information

www.intelsecurity.com/cloudsecurity

Follow me: @Tischart