Many consumers and businesses are flocking to cloud computing as they see an opportunity to compete on equal footing with well established firms with big IT infrastructure. Even though there are apprehensions in the minds of clould computing customers, partly due to the myths promoted by some pundits and vendors whose core business is threatened by the proliferation of cloud based services, we are seeing a constant uptick in the customer adoption of cloud technologies.
Cloud computing offers major opportunities but it also offer some challenges. Even though I disagree strongly with the myths promoted by the naysayers of cloud computing, I do understand and realize that the customers should take an educated approach towards cloud adoption. In this post, I am going to discuss some of the issues the customers should take care while moving their data and apps to the web. The customers should ask some tough questions to the vendors in order to ensure that their data is safe.
Anyone who is planning to move to cloud based computing , should ask the following questions to the vendors before trusting their data with them. This is not an exhaustive list by any means but a good starting point. The needs of every customer will be unique and the questions should be tailored to cover specific requirements.
- What is vendor’s approach to the security of their infrastructure? Don’t expect any vendor to share the nuts and bolts of their infrastructure security. However, they should be able to offer an overview of their approach.
- What are the security procedures that are in place to protect the data center? How many employees have access to the
data on their infrastructure and how well they are vetted?
- What are the encryption technologies used by the vendors to authenticate users to the services? What level of encryption do vendors offer to their customers to protect their data?
- How secure are their SaaS apps and do they work with any independent security group to establish the security of their app code?
- What are their terms when it comes to ownership of data?
- How easy it is to export the data from their service in order to move to a new service? Are there any extra charges for exporting the data out of a cloud vendor’s service?
- Do they delete the data completely when the customer deletes it from their web service?
- What is their policy when law enforcement sends a subpoena to grab the customer data? Are they going to hand over the
data on a golden platter or are they going to take the fight all the way to offer as much protection as possible from the big brother?
- Courts are still not sure of how they treat data in the cloud vis a vis data on the personal desktops. Customers should prod the cloud vendors into taking initiatives to change the existing laws and to offer better protection for the data in the cloud.
- How many copies of customer’s data do the vendors keep and are they stored in geographically separated regions?
- If they are stored in geographically diverse regions, what are the countries where the data resides and what are the laws governing security and privacy of user data in those countries?
- Do they offer SLA for their services?
These are some of the questions which the business customers should definitely ask the cloud vendors. Individual consumers may not bother about many of the questions listed above. However, these questions, and few others based on the individual business needs, are very important for customers in the SMB segment before they trust them with their business data. It is also advisable for the cloud vendors to tackle such questions in the format of a FAQ and such an approach will help motivate more and more people into moving their data to the clouds.