Cloud Security Policy: Top Twelve Questions You Need to Ask your Vendor

Cloud-based Enterprise Resource Planning (ERP) solutions undoubtedly let you realize true savings because they satisfy all the key aspects that any business asks for: flexibility, scalability, affordability, and agility. Cloud ERP is the new rage; you have probably heard about its enormous benefits from almost everywhere: the cloud can do wonders to improve your bottom line, can be accessed from anywhere on any device, helps achieve efficiency at bare minimum cost, and so on. But are you aware of the real facts beneath the glittery cover of benefits? Apart from the obvious pluses of the cloud, what are the probable loopholes or drawbacks in your cloud deployment? Is it as secure as it appears or as promised by the ERP vendor? Are the data security methods adopted by your vendor reliable enough?

Many times you cannot be absolutely sure about such crucial elements of your business, and you simply cannot afford to shut your eyes and sleep peacefully, thinking that your valuable data on the vendor-operated cloud server is absolutely safe and secure from unauthorized access and trespassing. It remains the prime responsibility of the customer to probe into the security policies and procedures adopted by the ERP vendor. Here’s a list of the top twelve questions you should consider asking your vendor before giving him a thumbs up:

    1. What are the policies for data mobility and retention? – Data migration is vital to being up and running on the new ERP system, and hence the methods adopted and the policies to be followed during data transfer should be carefully evaluated by the customer.
    2. What types of security authentication are provided with the cloud service? – One must enquire about and confirm the security authentication certificates provided by the service provider.
    3. Do you go for regular 3rd party security audits? – Security audits help in periodically authenticating, analysing and scrutinizing the performance of 3rd party data servers. They also enable finding loopholes, if any, in the security policies and their handling. They even aid in identifying, in good time, the enhancements necessary to strengthen the defense mechanism of the cloud services.
    4. What types of controls are available for Identity and Access Management of the user accounts? – Control over data access management is yet another concern for the customer when confidential and sensitive information is handled amongst the staff. You must ask the vendor for a one-tier or two-tier approval system, as needed by your business. Digital signatures, data encryption, combination passwords and patterns are the most common ways to control access issues.
    5. Is data encryption available for traffic to and from the cloud, or in storage? – Data encryption is a mandatory measure to guard against data theft, and customers must ensure that best-in-class data encryption is provided by the vendor.
    6. Is there any provision for an anti-malware or intrusion detection facility for the 3rd party scanning their machines? – Malware attacks and data manipulation are among the biggest threats to the security of your valuable data. Therefore, fool-proof measures to avoid such virus attacks must be demanded by the customer.
    7. What is the policy on updates and patching? – A lot of data comes under exposure while upgrades are loaded and patches applied. One must ask for guarded and secure procedures to be followed during such internal activities.
    8. How often do they make and test backups, and how are they stored? – Your live data may be safe, but have you ever thought about its backup and storage? Is the backup as secure as the live data? Never hesitate to ask your vendor this.
    9. What options are available for secure data deletion or destruction? – Even discarded data can be dangerous if not disposed of properly, as it can reveal a lot about the existing live data. So make sure that safe and sure-fire methods are followed even for data deletion.
    10. What types of event alerting and reporting methods will be provided? – Enquire about the way in which alerts will be sent in case of a data breach. Also check whether there is any provision for event logging for later forensic analysis in order to track the hackers.
    11. What are the details of the physical location of the vendor’s data servers? – Though not of much importance, an aware customer must have full information about where the data is actually stored.
    12. Do you have a documented ‘responsible disclosure’ policy? – Last but not least, check whether the vendor gives a published and signed copy of all the disclosure policies promised by them. If yes, then the vendor is worth relying upon. You can trust his offering and consider buying a Cloud ERP solution from him.

Clear the air of doubts and concerns about the security issues of cloud ERP solutions with the help of the above questionnaire. You may even put it directly in front of your vendor and embrace the technology as happy as a sandboy.
