Sep 15, 2016

Top 10 Security Questions Your Cloud Provider Should Be Able to Answer


With the global cloud computing and hosting market estimated to be worth in excess of 94 billion dollars by 2017, the move to the cloud is no longer a far off notion for most businesses. It’s happening now. Both enterprise-level and small businesses are increasingly integrating cloud technology into their companies.

Whether you are considering using public/private/hybrid cloud tech for your business, security needs to be your top priority. If you are interviewing a number of cloud service providers before signing a contract, potential candidates should be able to skillfully answer a series of cloud security questions. Consider asking the following questions before making a final decision on a cloud provider for your company.

1. How will your company protect my data?

From hacker attacks to system failures, cloud customers need to be 100% secure in their cloud provider’s’ ability to manage their data. If a service provider can’t give you extensive details on data protection, it is time to look elsewhere for a reliable cloud provider.

2. Can I integrate any of my current IT software with your cloud services and if so, how secure will the integration be?

Just because you are adopting cloud technology for your business, that does not mean you have to get rid of all existing technologies your company is currently using. A premium provider will be able to help you understand which components of your existing IT system will work well with their services and which will need to be retired in favor of cloud services.

3. Has your company ever been the victim of a distributed denial of service attack (DDoS), and if so, how did your company respond?

A denial of service attack can be devastating for your business. If you can’t access your data in the cloud, how can you possibly run your company and serve your customers. Before signing on the dotted line with a new cloud provider, make sure they give you the details on previous DDoOS attacks, their mitigation strategies, their response times, and how their customers were impacted.

4. Has your company ever experienced unauthorized access to customer data?

Just like a DDOS attack can be devastating, so can unauthorized access to your business data. Make sure a potential cloud provider is able to give you clear data on previous instances of unauthorized access. Whether the intrusion was the result of a terminated employee gaining access to data or security patches that weren’t in place, you need to know a service provider is completely focused on guarding your data.

5. Do you offer an API and if so, is my company’s data at risk?

A growing number of companies are offering APIs or open-sourcing their software. You need confirmation that your business’ data will in no way be impacted by a publicly available API. While it is admirable that a cloud provider wants to turn their business into a platform (instead of just a service), their choice to offer developers an API should not put your company at risk.

6. Does your service meet all regulatory and legal guidelines?

Companies storing data in the cloud are utilizing cloud technology for data transfers need to be 100% convinced they are meeting existing regulatory and legal guidelines. Especially for sensitive data like health records or financial information, a business that puts their customers’ data at risk can be subject to severe penalties. If a potential cloud provider can’t guarantee compliance, walk away and find a more secure provider who can.

7. How secure are your services if I opt for a hybrid cloud mix for my business?

A growing number of businesses are opting for hybrid cloud computing. Some data is stored in private clouds while other business operations run on a public cloud infrastructure. The cloud sales representative you are dealing with should be able to give you clear information regarding hybrid cloud computing options and how they will affect your company.

8. How do your services interact with IoT devices my company might choose to use?

IoT devices are playing an increasing role in business management. From IoT-enabled thermostats to IoT security cameras, the number of Internet of Things on business premises is only going to increase. If your IoT data is being processed in the cloud, you want assurances that the intersection of IoT and cloud data is impenetrable by hackers.

9. What sort of expertise do you require of your employees and do you require security certifications?

If you are going to put your business’ data in the hands of a cloud provider, you want assurances their employees meet strict standards. Does your potential provider insist on background checks for their employees and do they double-check the credentials they offer on their resume?

10. Do you insist that your employees participate in ongoing training?

Cloud computing is a rapidly evolving sector. New technologies are being developed on an ongoing basis. If you are going to utilize the services of a cloud provider, you want assurances their employees are trained on the latest advances in the industry. Failure to remain current with industry standards and certifications could put your business at risk.


Carefully consider the responses you receive to the above-listed cloud security questions. The reaction from the provider will be telling. Were you made to feel like you were asking too many questions? Did your sales representative appreciate your desire to make an informed decision?

A reputable cloud provider will take whatever time is necessary to ensure you are completely comfortable with their company’s service offerings. When you have received assurances and are convinced you have found the best cloud company for your needs, you can feel comfortable putting your business’ data in their hands. Is this the year you move your company’s data to the cloud?

Updated: January 2019

Explore HorizonIQ
Bare Metal


About Author


Read More