Almost without exception, businesses both small and large that have yet to adopt a cloud computing model cite IT security concerns as one bar to adoption. There is much that cloud services providers can do to assure their business customers that their data, and by extension their reputation, will be safeguarded with all due diligence. SMB owners and managers, however, need to know what to look for in a cloud services provider. It is important to come to the table equipped in advance with the right questions.
Important Security Controls
1. Ask how an IT services provider makes use of group policies to administer client machines. Also, inquire into how Windows Active Directory is used to enhance system and workstation security.
2. Find out what firewall protection is in place. Ascertain whether firewall protection is used on the perimeter of the system only, or if firewalls are also used in ways that function as internal checkpoints.
3. Determine how access control and authentication will be handled. Also, ask about reporting and data collection with regard to successful and attempted access attempts. This information can become invaluable when a business needs help tracking down the cause of issues that may develop.
4. Ask about customer file protections, including how permissions are distributed for adding, deleting, or changing such files.
5. Inquire about anti-virus protection. Find out what programs will be used to protect servers and client machines. Also, ask about provisions for updating and maintaining such programs. Will they be set to update themselves automatically, downloading new virus definition files as soon as such files become available, or will some user input be necessary?
6. Ascertain what procedures are in place for the IT risk assessment process. How does the IT company evaluate its own policies and procedures and identify areas for improvement when it comes to the IT security it provides its SMB clients?
7. Determine what monitoring is in place to track device activity and system events. Is continuous monitoring provided by default? The advantages of a cloud services approach can be largely negated if the provider's attitude toward monitoring is on a ‘9 to 5’ basis. In the Information Age, security must be watched carefully 24 hours per day.
With these questions in mind, SMBs will be in a much better position to find a cloud services provider that can truly meet their needs.
IT Security Related Topics: