Companies have a lot of questions when it comes to cloud security, so will you have the answers? In this post, we highlight five of the top security questions every MSP should be ready for.
Security isn’t just a concern for businesses and organization when adopting a cloud-based file sharing solution. Sometimes, it’s the only concern. And of course, with concerns come questions. As an MSP, you should be prepared to answer a long list of security-related questions from current and prospective customers. But which ones, exactly?
FT.com has a few suggestions. In a recently published article, they highlighted five key questions that we wanted to take a closer look at in today’s post. Here they are, in no particular order:
Where will my data be located?
“Seek assurances that their cloud providers have considered all possible disaster recovery scenarios, and can ensure back-up, restore and business continuity.”
Although the average consumer tends to think of the cloud in the abstract, the business user knows that the data has to live somewhere – a physical location. With a hybrid cloud, the answer is easy. But if your client is leveraging a public cloud, you should know the exact location(s). Granted this is a question that is likely to come up in discussions of BDR, but it’s becoming a key question on the part of businesses with regard to all types of cloud services.
How is the data protected?
“Check who is responsible for managing passwords and ensure these conform to your minimum specifications. Further protection can be provided by two-factor authentication.”
What are the precautions, in other words? Here you’ll need to answer questions related to user access privileges, password protection and other, more technically sophisticated areas like encryption, key management and monitoring. Remember, if the client doesn’t fully trust you with their sensitive data, it won’t matter how many precautions the cloud vendor has taken.
What happens if a security breach does occur?
“Cloud providers should also be able to give details of their financial compensation and insurance policy for recouping customer losses as a result of a cyber attack”
Nothing is ever 100 percent secure in the world of cloud technology; it’s possible that a hacker will be able to breach into a system, despite all your security measures. If this happens, your clients will want to know about the response plan and how it will minimize damage, both financial and otherwise.
Who can access the data?
“Your data must also be isolated from that of other organizations hosted in the same place. You need to know that your electronic files cannot be deliberately or inadvertently accessed by another user whose data are stored on the same server"
Ensuring that only authorized staff is able to see a company’s data is imperative in securing a client’s trust in its MSP provider. With the amount of private information that a client will place into their cloud, they need to know that no one outside their company will ever be able to view this information. With this being stated, they will also need to know the security measures of the MSP provider, as well as the cloud vendor.
If I end my contract with you, what will happen?
“It is not uncommon for cloud providers to go out of business, or struggle to remain competitive in the fast changing market,” Mr Robinson says. “So the ability to get out of a cloud contract quickly and cheaply can be more important than getting a competitively priced deal.”
If a company decides that they want to either switch MSP providers, or no longer want provider, how will that process transpire? Knowing that there will be no hard feelings and that their data will still remain confidential is of vital importance to a company. Additionally, a potential customer will want to know how this data will be disposed of from the MSP provider.
What other security-related questions are you asked on a regular basis? Be sure to share in the comments section below.