Questions to ask cloud vendors

Wednesday, May 22, 2013

With so many cloud options, district CIOs should push vendors for details about their security and privacy services. “With the cloud, you have to ask big questions,” says Taiye Lambo, founder of CloudeAssurance. He suggests that CIOs assess three major security areas: confidentiality, integrity, and availability.

“Many providers will pay lip service to security, but push them to get into specifics.” Will your data be stored on multiple servers, so that if one goes down, your data are secure? Will it be backed up? What sorts of security tests are performed? Do the servers have scheduled downtime, or will you always have unfettered access?

Also make sure to carefully study user agreements: “Some of them are very vague when it comes to security,” warns Ramiro Zuniga, CIO at Port Arthur ISD. He recommends that CIOs ask specifically about security services, encryption and ISO 27001 certification, as well as compliance with FISMA, HIPAA, and FERPA.