[ Huaqiang Security Network News ] Cloud storage partners, it is very important to do your homework in advance to find out how others do it. The good advice from colleagues on the front line is gold. FelixSantos, EVault's director of information security, is a member of the cloud storage frontline and selected cloud storage partners as eWEEK's mentor. The following are the 10 steps to choose the right partner. 
1. Understand the security responsibility of suppliers The security responsibilities of cloud providers are differentiated by different service models. For cloud providers that provide the entire service - Infrastructure Services (Iaas), Platform as a Service (Paas) and Software as a Service (SaaS) - Security is the sole responsibility of the vendor, including physics, environment, infrastructure, applications and Data security as well as people, processes and technology. In contrast, providers that offer a service, such as Amazon's ElasticCloudCompute (EC2) laas, are only responsible for the security of a particular item, and the rest is yours.
2. Understand Service Level Agreements (SLAs) and Customer Service Read SLAs - yes, all terms - understand them. SLAs provide protection for services, and many suppliers provide compensation if they fail to keep promises. While these offers are slickly appealing, they are not always equated with quality customer service. Are you really willing to work with a supplier that is in error for the sake of security, rather than working with a reliable supplier? In addition, find a supplier with a team of industry experts and a dedicated team of experts who can work for you all day.
3. Ensuring regulatory requirements is a top priority. Regulatory specifications are very complex and are full of test controls for each link. To ease the burden on IT departments, choose a vendor that understands different regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Graeme-Rich-Billy Method (GLBA). In addition, you need to find a partner who is certified by SSAE-16 (a key industry auditing standard). As a resource, always refer to ISO27001, CoBIT or other applicable standards to help you make informed decisions.
4. This is a mobile world: Keeping your data safe With the growth of mobile workforce, data security for smartphones, laptops and tablets is a priority for every organization. Mobile devices often carry critical data; then, many companies cannot adequately protect them. A recent study by the Ponemon Institute found that only 39% of the institutions surveyed had the necessary security controls to reduce the risk of unsafe mobile devices. Once they were lost or stolen, they would Under great risks. When choosing a cloud storage provider, make sure they not only protect your company's on-site data, but also fully protect the employees who use the mobile device when they leave.
5. Reviewing the supplier's environment Cloud partners must have excellent security measures within their own networks and devices; it must ensure that data is not accessed without the data owner's permission. Encryption is also key; when data is generated on your network, it should be encrypted by the vendor, protected during network transmission, and encrypted for storage on the cloud.
6. Background investigation of potential cloud partners In the late 1990s, a group of financial institutions formed an open community called BITS.BITS standard information survey is a good way to evaluate cloud providers. It covers the business environment, information security, measures and processes for managing security projects, asset management, risk management and appropriate incident response processing.
7. Choose a flexible solution If you are a small company looking for outsourced data storage, it's very likely that as your business grows, you want to internalize these services. Some storage vendors can make this transition more seamless. Be sure to assess your business needs, not only in the near future, but in the long run.
8. Ensuring the Resilience of Data In the past few years, data loss due to a series of hurricanes, earthquakes, floods and storms has attracted more attention during post-disaster recovery. It is imperative that your data be backed up in a remote, off-site data center. According to Forrester's enterprise disaster recovery plan in the second quarter of 2011, “Enterprises are not only consolidating their backup sites, but also reducing their distance. This is a dangerous sign for companies whose disaster recovery sites are close to them. It may be affected by the same disaster.†Choose a data center away from the partners of your main organization, and it is absolutely safe, so you can definitely recover from the disaster.
9. Clear where the data is stored Many cloud products are not clear where the customer data will be stored. Some actually consider cloud services that provide "ignoring location" as a benefit. The actual physical location of the data is very important for regulatory purposes. In addition, if you are using cloud storage for your disaster recovery plan or attempting to pass rigorous security checks, the location of the data and the mechanisms for making data access are critical.
10, take a good look at the cost of the cost, for obvious reasons, is a determinant of the choice of cloud storage partners. Although it may seem like a simple evaluation method, it is actually nothing. There is a serious lack of consistency between suppliers, regardless of what the customer pays and what they get. The different features and virtualization make the pricing model even more complicated. It's best to clearly understand what you need, what you will pay and what the final cost is. Remember, you don't need to move all IT operations to the cloud right away; cloud/preset combinations are a reasonable choice. Your reason is that considering the cloud can reduce costs, but improper planning and a bad supplier choice will make you find yourself paying for services that you don't need or don't understand.
2. Understand Service Level Agreements (SLAs) and Customer Service Read SLAs - yes, all terms - understand them. SLAs provide protection for services, and many suppliers provide compensation if they fail to keep promises. While these offers are slickly appealing, they are not always equated with quality customer service. Are you really willing to work with a supplier that is in error for the sake of security, rather than working with a reliable supplier? In addition, find a supplier with a team of industry experts and a dedicated team of experts who can work for you all day.
3. Ensuring regulatory requirements is a top priority. Regulatory specifications are very complex and are full of test controls for each link. To ease the burden on IT departments, choose a vendor that understands different regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Graeme-Rich-Billy Method (GLBA). In addition, you need to find a partner who is certified by SSAE-16 (a key industry auditing standard). As a resource, always refer to ISO27001, CoBIT or other applicable standards to help you make informed decisions.
4. This is a mobile world: Keeping your data safe With the growth of mobile workforce, data security for smartphones, laptops and tablets is a priority for every organization. Mobile devices often carry critical data; then, many companies cannot adequately protect them. A recent study by the Ponemon Institute found that only 39% of the institutions surveyed had the necessary security controls to reduce the risk of unsafe mobile devices. Once they were lost or stolen, they would Under great risks. When choosing a cloud storage provider, make sure they not only protect your company's on-site data, but also fully protect the employees who use the mobile device when they leave.
5. Reviewing the supplier's environment Cloud partners must have excellent security measures within their own networks and devices; it must ensure that data is not accessed without the data owner's permission. Encryption is also key; when data is generated on your network, it should be encrypted by the vendor, protected during network transmission, and encrypted for storage on the cloud.
6. Background investigation of potential cloud partners In the late 1990s, a group of financial institutions formed an open community called BITS.BITS standard information survey is a good way to evaluate cloud providers. It covers the business environment, information security, measures and processes for managing security projects, asset management, risk management and appropriate incident response processing.
7. Choose a flexible solution If you are a small company looking for outsourced data storage, it's very likely that as your business grows, you want to internalize these services. Some storage vendors can make this transition more seamless. Be sure to assess your business needs, not only in the near future, but in the long run.
8. Ensuring the Resilience of Data In the past few years, data loss due to a series of hurricanes, earthquakes, floods and storms has attracted more attention during post-disaster recovery. It is imperative that your data be backed up in a remote, off-site data center. According to Forrester's enterprise disaster recovery plan in the second quarter of 2011, “Enterprises are not only consolidating their backup sites, but also reducing their distance. This is a dangerous sign for companies whose disaster recovery sites are close to them. It may be affected by the same disaster.†Choose a data center away from the partners of your main organization, and it is absolutely safe, so you can definitely recover from the disaster.
9. Clear where the data is stored Many cloud products are not clear where the customer data will be stored. Some actually consider cloud services that provide "ignoring location" as a benefit. The actual physical location of the data is very important for regulatory purposes. In addition, if you are using cloud storage for your disaster recovery plan or attempting to pass rigorous security checks, the location of the data and the mechanisms for making data access are critical.
10, take a good look at the cost of the cost, for obvious reasons, is a determinant of the choice of cloud storage partners. Although it may seem like a simple evaluation method, it is actually nothing. There is a serious lack of consistency between suppliers, regardless of what the customer pays and what they get. The different features and virtualization make the pricing model even more complicated. It's best to clearly understand what you need, what you will pay and what the final cost is. Remember, you don't need to move all IT operations to the cloud right away; cloud/preset combinations are a reasonable choice. Your reason is that considering the cloud can reduce costs, but improper planning and a bad supplier choice will make you find yourself paying for services that you don't need or don't understand.
Ningbo FLK Technology Co., Ltd. , https://www.flk-global.com