5 Key Questions Every Cloud Consumer Needs to Ask About Security

Joe McKendrick
Insurance Experts' Forum, April 14, 2014

There's a growing consensus that despite all the concerns about security of public cloud services, data and applications are actually safer in the cloud. That's because cloud vendors make it their business to adhere to best practices and certifications when it comes to security. Enterprise IT departments may have trouble keeping up with everything they need to do to ensure security.

However, that doesn’t excuse enterprise IT and business managers from being vigilant about cloud security. When something goes wrong, it's ultimately the fault of the cloud customer, no ifs, ands or buts. The onus is on the customer to uncover laxity or carelessness on the part of the cloud vendor. Just as a CEO is ultimately responsible for the behavior and competencies of his or her management team, the cloud consumer needs to be vigilant about the cloud services his or her company consumes, and be willing to fire a service that doesn’t meet expectations.

This vigilance starts with asking the right questions at the outset of a cloud engagement. In a recent post, Cisco’s Evelyn de Souza says that's what cloud security boils down to — simply asking the right questions. And this doesn’t happen enough.

“Cloud consuming organizations often don’t ask enough questions about what is contained in their service-level agreements, and about the process for updating security software and patching both network and API vulnerabilities,” she writes.

Here are some of the key questions that need to be asked before signing a cloud contract:

  1. What information does the cloud hosting partner/provider make publicly available about their security processes and services?
  2. What assurances can the cloud hosting partner/provider provide around secure data handling, storage and transmission processes?
  3. How often do they perform audits and what types of audits do they perform?
  4. What kind of physical security does my cloud-hosting partner maintain?
  5. Do they have customer references that you can speak with?

Along with de Souza's suggestions, I would suggest that you ask about two additional elements: the health of the vendor's business and the ultimate ownership of data; and the terms for returning data upon termination of the contract or if the provider goes out of business. Just as important as guarding against hacks is assuring the viability of the vendor's business.

Joe McKendrick is an author, consultant, blogger and frequent INN contributor specializing in information technology.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.
