[Cialug] Off topic: Evaluating Cloud Service Providers

Josh More jmore at starmind.org
Thu Jan 11 02:09:34 UTC 2018


There's actually a framework for this exact thing:
https://cloudsecurityalliance.org/download/consensus-assessments-initiative-questionnaire-v3-0-1/

-Josh

On Wed, Jan 10, 2018 at 8:03 PM, jim kraai <jimgkraai at gmail.com> wrote:

> I just read this article:
> https://gizmodo.com/whats-slack-doing-with-your-data-1820838887
> I want to put together a list of questions that should be answered before a
> company should entrust their data to a third party.  I'm not talking about
> individuals.
>
> In broad strokes, what am I missing?
>
> Questions:
>
> Is data encrypted on the servers
>
> Exactly who (roles, groups, etc.) on the cloud side can read what parts
> (metadata, history, versions, data) of my data
>
> Is it physically possible for a cloud provider employee to go rogue and look
> at my data
>
> What countries does my data reside in
>
> For every legal jurisdiction that my data resides in, what are the cloud
> provider's legal risks and obligations
>
> What notifications will I receive regarding law enforcement requests for my
> data and when
>
> Other than billing for the services, in what ways does the cloud provider
> monetize my data
>
> What other companies are given my data and under what circumstances
>
> What are the cloud provider's retention policies after resource (files,
> emails, files) deletion
>
> What are the cloud provider's retention policies after contract termination
>
> Has the provider been hacked, in great detail
>
> Can I terminate my contract early with the cloud provider if I learn that
> they have not been honest with me in their answers to these questions