It is difficult to move a system, or any part of one, to the cloud on your own. Choosing the right solution provider is also daunting. Yes, experience is the best teacher, but learning on the job has a real-world price. When mistakes are made, the cost can be big enough to break the company's bottom line, and that is detrimental to many IT management careers. So when IT practitioners want to introduce something new to their company, such as a cloud storage partner, it is important to do their homework ahead of time and find out what others are doing. Good advice from colleagues on the front line is gold. Felix Santos, information security director at EVault, works on the cloud storage front line and serves here as eWEEK's guide to picking cloud storage partners. The following are 10 steps for choosing the right partner.
1. Understand the supplier's security responsibilities
A cloud provider's security responsibilities differ by service model. For cloud providers that deliver the entire stack, infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS), security is the sole responsibility of the vendor, including physical, environmental, infrastructure, application and data security, as well as people, process and technology. Conversely, providers of a single service, such as Amazon's Elastic Compute Cloud (EC2) IaaS, are responsible only for the security of specific items, and the rest of the responsibility is yours.
2. Understand the service-level agreement (SLA) and customer service
Read the SLA (yes, all the terms) and understand it. SLAs provide assurances for services, and many suppliers offer compensation if they do not keep their promises. While these offers look attractive, they are not always synonymous with quality customer service. Would you really rather work with a supplier that keeps getting things wrong than with a reliable one? Also, find a supplier with industry experience and a dedicated team of experts who can work full-time for you.
3. Ensuring regulatory compliance is imperative
Regulatory requirements are very complex and full of controls to be tested at every step. To reduce the burden on IT, select a vendor that understands the different regulatory requirements, such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA). In addition, you need to find a partner that has obtained SSAE-16 certification (a key industry audit standard). As a resource, always refer to ISO 27001, COBIT or other applicable criteria to help you make informed decisions.
4. This is a mobile world: keep your data safe
With the growth of the mobile workforce, data security for smartphones, laptops and tablets is a priority for every organization. Mobile devices often carry critical data, and many businesses cannot adequately protect them. A recent study by the Ponemon Institute found that only 39% of the organizations surveyed had the necessary security controls to mitigate the risks posed by unsafe mobile devices, which would put an organization at great risk once such devices were lost or stolen. When choosing a cloud storage provider, make sure that it protects not only your company's onsite data, but also the data of employees who use mobile devices off site.
5. Audit the supplier's environment
Cloud partners must have excellent security practices within their networks and devices, and must ensure that data is not accessed without the permission of the data owner. Encryption is also key: data should be encrypted by the vendor when it is generated in your network, and remain protected during network transmission and while stored in the cloud.
6. Run background checks on potential cloud partners
In the late 1990s, a group of financial institutions formed an open community called BITS. The BITS standard information survey is a good way to evaluate cloud vendors. It covers the business environment, information security, measures and processes for managing security projects, asset management, risk management, and appropriate incident response handling.
7. Choose a flexible solution
If you're a small company looking to outsource data storage, it's likely that as your business grows, you will want to bring these services in-house. Some storage vendors can make this transition more seamless. Be sure to evaluate your business needs, not only for the near future, but for the long run.
8. Ensure the resilience of data
In the past few years, data loss caused by a series of hurricanes, earthquakes, floods and storms has drawn more attention in the aftermath of those disasters. It is imperative that your data be backed up in a remote, offsite data center. According to Forrester's corporate disaster recovery plan for the second quarter of 2011, "Companies are not only consolidating their own backup sites, but also reducing their distance from them." This is a dangerous signal for companies near the disaster recovery site that are likely to be affected by the same disaster. Choose a partner whose data center is far from your main site and is absolutely safe, so you can be sure of recovering from a disaster.
9. Know where the data is kept
Many cloud products are unclear about where customer data will be kept. Some actually present "location-independent" cloud services as an advantage. For compliance purposes, the actual physical location of the data is very important. Also, if you are using cloud storage for your disaster recovery plan or attempting to pass stringent security checks, the location of the data and the mechanism for data access are critical.
10. Take a good look at the cost
Cost, for obvious reasons, is a determining factor in choosing a cloud storage partner. Although it may look like a simple thing to evaluate, it is anything but. There is a serious lack of consistency between suppliers, both in what customers pay and in what they get. Differences in functionality and virtualization make pricing models even more complicated. It's best to know exactly what you need, what you will pay and what the ultimate cost is. Remember, you don't need to move all IT operations to the cloud right away, and a combination of cloud and on-premises is a reasonable choice. Keep in mind that cloud can reduce costs, but poor planning and a bad supplier choice can leave you spending money on services you don't need or understand.
(Responsible editor: The good of the Legacy)