Top ten questions
- Which process, application and information can be moved to the cloud to gain efficiency and cost benefits while satisfying the organization's security and compliance requirements?
- How can the organization be harmed if systems, applications, services or information are accessed by unauthorized people and information is being made available to the public?
- How are information and systems protected against unauthorized access (e.g. hacking, interception, user misuse) by the cloud service provider?
- How can the organization ensure the integrity, authenticity and reliability of information stored in the cloud?
- What are the organization's responsibilities regarding the security of infrastructure and information in the cloud for the chosen cloud service and deployment models?
- How can the organization apply its records and information management programs (e.g. classification, retention) to the cloud environment?
- What is the impact of outsourcing services and information to the cloud on the legislative and regulatory requirements of the organization (e.g. DP, FOI, SOX, e-discovery, copyright, licensing etc.)?
- How should the organization audit and monitor cloud services and establish relevant service level agreements?
- Will the organization be able to negotiate contracts and agreements that fit their risk assessment and compliance environment?
- What are the total costs of setting up and managing the cloud services?
Questions from: Cloud Security