[Cialug] Off topic: Evaluating Cloud Service Providers
jim kraai
jimgkraai at gmail.com
Thu Jan 11 02:03:14 UTC 2018
I just read this article
https://gizmodo.com/whats-slack-doing-with-your-data-1820838887 I want to
put together a list of questions that should be answered before a company
should entrust their data to a third party. I'm not talking about
individuals.
In broad strokes, what am I missing?
Questions:
Is data encrypted on the servers
Exactly who (roles, groups, etc.) on the cloud side can read what parts
(metadata, history, versions, data) of my data
Is it physically possible for a cloud provider employee go rogue and look
at my data
What countries does my data reside in
For every legal jurisdiction that my data resides in, what are the cloud
provider's legal risks and obligations
What notifications will I receive regarding law enforcement requests for my
data and when
Other than billing for the services, in what ways does the cloud provider
monetize my data
What other companies are given my data and under what circumstances
What are the cloud provider's retention policies after resource (files,
emails, files) deletion
What are the cloud provider's retention policies after contract termination
Has the provider been hacked, in great detail
Can I terminate my contract early with the cloud provider if I learn that
they have not been honest with me in their answers to these questions
More information about the Cialug
mailing list