Important Questions to Ask Cloud Providers  to Ensure Data Security
SHARE
by
Robert Rostamizadeh
| 10/09/2019

Important Questions to Ask Cloud Providers to Ensure Data Security

Enhanced security is one of the most compelling reasons for businesses to convert to cloud technology. 

Weighing the risks and benefits of cloud technology is an important process, which is why small businesses looking for cloud solutions should consider some basics while searching for that perfect provider.


Find a provider that understands your business
First, understand your business and service expectations. Providers often specialize, making them extremely knowledgeable about   the security and regulatory requirements for specific data. 

For example, if you’re looking for a human resources application, select providers that specialize in employee data security. For payment processing, look for providers that specialize in transaction security. And for compliance or knowledge within a specific industry, ensure that the provider is an expert with a proven track record with businesses in that category. 

Understanding the needs of your business will help narrow the selection criteria for the providers, systems and protocols best suited for your company. 


Ask about security certifications
Security certifications show that a cloud provider meets or exceeds standards. Some providers display this information, but inquiring organizations should never be shy about asking for certification and regulatory compliance information.
      • PCI DSS certification confirms a SaaS provider has undergone detailed audits, ensuring that sensitive data, like credit card information, is protected, processed, transmitted and stored in a fully secure environment. It includes requirements for security management, policies and procedures, software design and network architecture.
    • SOC 2 certification ensures internal risk management processes and regulatory compliance oversights are in place. It also confirms that the cloud solution is designed and rigorously managed to the highest levels of data security.  

Businesses that use Amazon Web Services (AWS) as the foundation of their cloud solutions already meet compliance requirements that safeguard privacy through secured data centers. Known for its uncompromising quality, AWS is second to none for security and disaster recovery and is the highest ranked among users. 

Cloud solutions for this purpose are, by far, the best opportunities for businesses, providing 24/7 access to data and infrastructure, with consistent and predictable costs that help keep organizations on budget. 


Review security systems and plans
Cloud solution providers should be transparent about how data is protected. Security plans should include multiple layers, including:

    • Hardware security for servers and data centers
    • Data encryption methods for stored and transmitted data
    • Monitoring capabilities, including descriptions about what is monitored

In addition to system descriptions, businesses should also ask for and understand the processes in place for a security breach. Providers should explain what happens in the event of a breach, including how and when notifications are provided and at what risk levels notifications are triggered.  

The bottom line for small businesses is that cloud-based solutions safeguard and protect organizations beyond the investment that any single company can provide. More robust and reliable than on-premise security, cloud technology protects against costly disruption and downtime. 

Independent dealers transitioning to cloud-based systems, including dealer management systems, can learn more about secure solutions by contacting their CDK representative.

 

Robert Rostamizadeh
Robert Rostamizadeh

ROBERT ROSTAMIZADEH is director of product and engineering for CDK Global, the largest provider of integrated information technology and digital marketing solutions to the automotive retail industry. Rostamizadeh has more than 18 years of experience as a software engineer and engineering lead. He earned a Bachelor of Science in management information systems from Oregon State University.