5 Key Questions Every Cloud Consumer Needs to Ask About Security

Joe McKendrick
Insurance Experts' Forum, April 14, 2014

There's a growing consensus that despite all the concerns about security of public cloud services, data and applications are actually safer in the cloud. That's because cloud vendors make it their business to adhere to best practices and certifications when it comes to security. Enterprise IT departments may have trouble keeping up with everything they need to do to ensure security.

However, that doesn’t excuse enterprise IT and business managers from being vigilant about cloud security. When something goes wrong, it's ultimately the fault of the cloud customer, no ifs, ands or buts. The onus is on the customer to uncover laxity or carelessness on the part of the cloud vendor. Just as a CEO is ultimately responsible for the behavior and competencies of his or her management team, the cloud consumer needs to be vigilant about the cloud services his or her companies consumes, and be willing to fire a service that doesn’t meet expectations.

Also see Enterprises Prefer Private Cloud Storage 

This vigilance starts with asking the right questions on the outset of a cloud engagement. In a recent post, Cisco’s Evelyn de Souza says that's what cloud security boils down to — simply asking the right questions. And this doesn’t happen enough.

“Cloud consuming organizations often don’t ask enough questions about what is contained in their service-level agreements, and about the process for updating security software and patching both network and API vulnerabilities,” she writes.

Here are some of the key questions that need to be asked before signing a cloud contract:

  1. What information does the cloud hosting partner/provider make publicly available about their security processes and services?
  2. What assurances can the cloud hosting partner/provider around secure data handling, storage and transmission processes?
  3. How often do they perform audits and what types of audits do they perform?
  4. What kind of physical security does my cloud-hosting partner maintain?
  5. Do they have customer references that you can speak with?

Along with de Souza's suggestions, I would suggest that you ask about two additional elements: the health of the vendor's business and the ultimate ownership of data; and the terms for returning data upon termination of the contract or if the provider goes out of business. Just as important as guarding against hacks is assuring that the viability of the vendor's business.

Also see Why Some Applications Should Go to the Cloud 

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

Readers are encouraged to respond to Joe using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

On Thanking the Regulator … Really

The Financial Conduct Authority is demanding higher standards of consumer protection from insurers, which could lead to greater customer engagement and understanding.

Competing with the Coasts for Tech Talent

Are heartland-based insurers at a recruiting disadvantage for tech skills?

Putting Your Investments Where Your Transformation Is: Part 2: Optimizing Your IT Investments Portfolio

Sam Medina continues a 3-part series on Transforming the IT Investment Budget in order to fund new programs and initiatives without the necessity of additional capital expense.

Boosting Performance with Integrated Underwriting Tools

A unified, comprehensive platform can help underwriters perform their jobs more efficiently — and profitably.

Apply Mindfulness to Leadership

Managers can benefit from applying this theory both to their career aspirations as well as to interactions and expectations of staff.

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.