Yardstick - Issue 4 2017 - 36
85% of all new software is being delivered via the cloud, according to IBM.
here's what cloud security experts
recommend you include in the contract
with your service provider. (Of course,
consult with your attorney before
implementing any of these suggestions):
Be sure there are limitations on where
your business data will be geographically
located: Nail this down, or - incredible but
true - your business data could end up on
a server in Iran.
"You should stipulate certain countries
you do not want your data to pass through
- i.e. data cannot pass through HUAWEI
routers, the Chinese equivalent to Cisco -
as certain governments can seize property
whenever they like," says Andre W. Ahern,
CEO, Ahern & Associates, a business
Be sure you have a detailed exit strategy
from your cloud services provider:
Should you decide to move your business'
applications and data to another provider,
you'll want to be sure there is clear preagreement on how your lumber retail
business will easily make that transition,
Specifically, nail down how you'll move
your data. And nail down the data format
that your service provider will use to send
your data to you for the transition.
You'll also want in writing the kind
of cooperation you service provider will
"Be sure you have a detailed exit strategy from your
cloud services provider: Should you decide to move
your business' applications and data to another
provider, you'll want to be sure there is clear preagreement on how your lumber retail business will
easily make that transition, experts say."
give you to transition to a new provider.
And you'll want in writing the amount of
time you'll have to secure your data for
Otherwise, with nothing in writing,
you could simply lose all your data with a
move to a new cloud service provider.
"You should always be aware of what
the exit strategy is when signing on for
any cloud provider," Ahern says. "A lot
of providers will entice customers with
cheap sign-on specials or monthly fee
deals. But when the customer tries to
leave, they charge an arm-and-a-leg to
Beware of cloud providers that insist
on the unilateral right to change contract
terms: Essentially, this right can give your
cloud service provider a blank check to
make changes to your business' contract
terms on a whim - and leave your data in
the lurch. If the provider refuses to budge,
be sure you can live with this provision.
Get documentation on how your
provider will secure your data against
hackers: Any decent cloud provider
will have internal protocols in place
designed to safeguard your data and your
company's privacy. Get those protocols
in writing. And get a guarantee that your
provider's security standards will be
"Every cloud provider should have
multiple data center locations as a backup
to the other in case there is a loss of power
or other complications at one of the data
centers," Ahern says.
Adds Cash Won, CTO, Renoback
(www.renoback.com): " We should never
ever be happy with the current state of
security. Criminals are always thinking
about how to get around your security.
You need to keep improving and utilizing
new technologies in order to make
your vulnerabilities a moving target.
The minute you sit still, you become a
Get documentation that your provider
is aware of all local, regional, national
and international laws regarding the
security and privacy of your data. And
get documentation and descriptions of
the systems your provider has in place to
comply with those laws.
Also, get similar documentation that
your provider is aware of and can comply
with such laws that are specific only
YARDSTICK | August/September 2017