Whether or not we give it much explicit thought, we all do at least some due diligence every time we buy something.
When it comes to Cloud services , due diligence ought to be done explicitly and with forethought — because getting out from under a bad Cloud choice can be onerous. It’s worth your while to choose well in the first place.
In order to find a Cloud provider with the ability to meet your organization’s requirements, carefully review the provider’s…
- Cloud infrastructure, which should be based on an enterprise-grade virtualization platform with virtual security (rather than security solutions designed for physical environments grafted onto a virtualized environment). Your provider’s infrastructure should also integrate server, network, and storage access resources into a physically distributed but centrally managed system with automation and orchestration capabilities to reduce management overhead and make quick work of provisioning. Also required: A united fabric technology that reduces costs by eliminating need for multiple sets of network adapters, cables, and switches.
- Development practices (how developers use your data for testing may have compliance implications).
- Data classification policies and procedures, since these may affect where your data can reside.
- Regulatory compliance policies and procedures.
- Security and data protection policies and procedures.
Next time, I’ll take a closer look at the best ways to evaluate Cloud provider security.