Cloud Computing best practice: Evaluate Cloud provider security with these 7 questions Posted on April 18, 2013 by Tim Burke Unless you’re an expert in security issues, doing proper Cloud provider due diligence can be daunting. Yet it’s essential, given the importance of your business’s data and applications. So I offer seven questions for you to ask of every Cloud provider you’re considering. Pay attention to the answers you get and don’t hesitate to demand drilldown details. Remember: You’re contemplating putting at least some of the data and apps your business relies on into this provider’s Cloud environment. What access control model do you use? Who chooses the authoritative sources of access control policy and user profile information — you, or us, or a third party? Do you support retrieval of access control policies and user profile information from external sources? If so, via what formats and transmission mechanisms? Where do our accounts reside? How are they provisioned and deprovisioned? How do you protect the integrity of my data? What authentication mechanisms do you support? (These should be appropriate for the sensitivity of the data use.) Do you support federated authentication or single sign-on model(s)? What support do you provide for delegated administration by policy administration services? What log information do you provide? Can it be imported into our operational analysis and reporting tools? Can we specify external entities with whom to share information? If so, how is that accomplished? Next time: 4 Cloud security must-dos.