I was recently asked about best practices for contracting with cloud service vendors – and thought this advice was worth sharing.

What is the best strategy if you decide to change vendors?

Always conduct a parallel transition. This will keep your data in place at your original vendor during the transition. This cost more but will protect your data in a worst-case scenario.

What is the process for removal of data after the conclusion of the contract?

Cloud providers offer different levels of access to data depending on the service purchased (e.g. SaaS, IaaS, or PaaS). With system level access data owners can use standard tools such as dd or shred. Otherwise, data owners will need to make a request to the cloud service provider to delete the data using their tools.  Requesting proof of deletion is also recommended.

Final Recommendations

The organization’s Business Continuity and Disaster Recovery plans are key here. It is important to review BC/DR plans prior to conducting a data migration from vendor to vendor. Upon review, consider allowing the technical staff to “wargame” the data migration with revised BC/DR plan in hand and further allow a follow-up revision to the BC/DR plan based on the outcomes of the wargame. This will ready your staff for the handoff process ready them to react if the worst happens.