Six questions professional services firms need to ask potential cloud providers
When professional services firms review cloud services, they often ask providers questions like “is it secure?”, “is it reliable?” and “is it backed up?”, but providers will always answer these questions with one answer – yes.
We believe the six questions that better identify whether a cloud service will be acceptable to an Australian professional services firm are:
Question 1: Is it a private cloud and can you explain what makes it private?
Rationale: Private cloud is the go-to platform for firms looking for privacy and security for their data. Complete separation of your data from other clients’ data within the cloud provider’s infrastructure is what you are looking for in a private cloud. Ask them to explain how they do this.
Question 2: Can an unauthorised user make an unlimited number of attempts to log in to my account?
Rationale: Many cloud services allow unlimited incorrect logins, which means hackers can use sophisticated software to target a site using your email address (which is the usual username those types of services use) and an unlimited number of automatically generated potential passwords. Ideally, you want your private cloud service to prevent this type of attack by limiting the number of incorrect passwords and then locking the account for a period of time.
Question 3: Are we able to revert individual files, our database and/or our complete environment back to a previous date and time?
Rationale: Private cloud backups allow you to go back and restore a file, a database or a complete set-up to a previous date and time. Many cloud services do not offer fully functional restore features. They back up their complete public database and systems, but that is to ensure that if they have a big problem they can restore everyone’s data and their overall system back to the last time they backed up. Individual clients, however, are not able to request that their data be reset back to a previous date/time. The ability to restore your system back to a point in time can be essential if there have been major input errors or you have made system-wide changes that you need to undo.
Question 4: Am I able to retrieve a full copy of my data, including my database, if I decide to terminate the service?
Rationale: Many cloud services will not provide you with a full data set on termination of the service. They will allow you to export individual records one at a time, which is useful for some things but not for transitioning to another service or an onsite system. This is an intentional move to lock you in to their service and is one of the most overlooked traps in cloud computing today. Cloud should be easy on and easy off, so find out if you can get a copy of your complete database if you decide to leave. It is also useful to ask how they dispose of your data when you leave.
Question 5: Can I access my application via an encrypted connection only?
Rationale: Using an encrypted access method is crucial to ensure the most secure cloud environment, and many cloud services do not offer this type of security. If you want the highest possible levels of security, look for a cloud provider that can offer a recognised form of encrypted access (VPN or SSL).
Question 6: Is all the data retained within Australia at all times, including backups?
Rationale: Most professional institutes recommend their members retain client data within Australia, because Australian privacy legislation does a better job of protecting data from inappropriate access and distribution than the legislation of many other countries around the world.
Obtaining an assurance in writing from the cloud provider that all the data they manage is retained within Australia will ensure compliance and give you peace of mind.
So ultimately, professional services firms will want their cloud provider to offer features that strengthen data privacy and security, and asking these questions can help determine how secure and private your data is when using a particular cloud service.