9 Questions Your Business Should Ask About Your Cloud

More than 90 percent of businesses use the cloud in some way, shape, or form, which means you probably already have dipped a toe or two in digitization. However, just because you are already using the cloud doesn’t mean you fully understand it; in fact, without realizing it, you might have made some poor cloud computing mistakes that could hurt your business.

It is always a good idea to double-check your business decisions, especially when it comes to newer technologies like the cloud. To ensure you are getting the most from your cloud provider, here are nine important questions whose answers could point you toward a larger silver lining.

1. How Do You Handle Encryption?

A cloud provider’s philosophy on encryption is telling of its overall approach to security. Ideally, your provider believes that all data requires encryption at all times; if you find that your provider believes a laptop password is enough to keep your information safe, it is time to make a change.

Additionally, you should ensure that your provider is serious regarding the security of encryption keys. Keys and data should be kept separate both logically and physically, so potential threats cannot easily find and unlock your information. Generally, it is safer to have trustworthy providers handle the keys, as you or your employees might undermine your cloud security with thoughtless mismanagement.

2. Are You Concerned About Endpoint Security?

Cloud providers can’t force you (or other clients) to enact stringent security on endpoint devices, including computers and mobile phones, but they can establish some endpoint protection that could be valuable to safeguarding your data. Three of the most common types of attack on the cloud come from holes in your firewall, communications with unauthenticated sources, and unencrypted information caches, so providers that block this behavior are far safer.

3. Do You Monitor Account Activity?

Though you might harbor latent fears of surveillance, you actually do want your cloud provider to monitor account activity. If you begin to notice unexpected or unwanted changes to your data, you should have access to a full account audit, so you can locate the person responsible for the modifications.

4. Do You Have Any Certifications?

Anyone with a server could conceivably become a cloud provider, but you don’t want your data stored in some random dude’s garage. There are certifications for the handling of information, and you should look for a provider with all those necessary to keep your data safe. Some of the most important accomplishments include:


  • FISMA certification
  • SSAE-16 audit
  • SOC 1 audit under SSAE-16 guidelines
  • Compliance with PCI DSS, ISO 27001, HIPAA, and FIPS 140-2
  • Compliance with Department of Defense 5220.22-M or NIST 800-88


5. Who Owns Our Data?

It isn’t terribly uncommon for providers to include in their contracts allowances for them to scan and sell parts of your data. In fact, Google Drive, one of the most popular cloud services, uses customer data for target advertising, though you retain ownership. You should expect to retain full control over your data, which means searching for a provider that enforces total privacy with its terms of service.

6. Is Our Data Isolated From Your Other Clients’ Data?

You aren’t paying a cloud provider to create another internet, so you should be absolutely certain that your data remains completely separate from your provider’s other clients’ data. In the past, this was easily done by using separate servers, but a fear of server sprawl and better visualization technology has encouraged multiple options on single servers. Trustworthy private cloud storage solutions should be able to partition data effectively, reducing costs and environmental drain.

7. When Can We Access Our Data?

Some providers limit daily access to the cloud to ensure their servers function at peak performance. Restrictions on bandwidth or time of day can prevent you from getting work done when you need to, so you should look for a provider without such constraints and with customer support that can ensure problem resolution for 24/7 cloud access.

8. Where Is Our Data Physically Stored?

Other countries have different laws regarding data storage and use, so it might be worthwhile to find out where your provider’s servers are geographically located. You should also double-check that your servers are not at risk of natural disaster, like tornados, tsunamis, or hurricanes.

9. Can Your System Scale With Our Growth?

One of the most significant benefits of the cloud is its elasticity: It can grow or shrink with your needs. However, that isn’t necessarily true of every cloud provider. Before you partner with a cloud, you must be certain that its architecture can accommodate your expected future growth, providing the performance you need to continue succeeding.

Join the discussion