By Erika Chickowski, Contributing Writer, Dark Reading, May 12, 2015
Erika Chickowski of Dark Reading posted a slideshow of the most important security questions companies should ask cloud providers in order to evaluate the risk of using that service. Paul Hill, senior consultant, SystemExperts, contributed two questions for the article:
Do you encrypt all data transmissions, including all server-to-server data transmissions, within data centers?
“Security is only as strong as the weakest link. While it is very common to encrypt the traffic between the customer and the service provider in order to ensure integrity and confidentiality, it is less common for service providers to encrypt intra-server communications within the companies own perimeter. Too often attackers are able to exploit this type of weakness once a single breach in the perimeter has occurred.”
Do you allow customers to perform scheduled penetration tests of either the production environment or a designated testing environment?
“Penetration testing is a common method used by companies to ensure their systems are well defended from attacks. Cloud service providers that allow customers to perform such testing are willing to be transparent about their security practices and also likely to be confident that their systems are well secured.”
To read other questions you should ask click here.