Sunday, January 29, 2012

Question for cloud vendors. Part Two

Infrastructure as a Service (IaaS) & Platform as a Service (PaaS)
·      Will the cloud vendor clearly communicate network topology and security practices?

Software as a Service (SaaS)
       Is cloud vendor willing to provide documented secure coding practices and security (penetration) testing results from 3rd parties?
       Does cloud vendor communicated information about OS-level patches and updates and how does Cloud vendor provide information of schedules of patches so not to affect customers businesses?
       What is the cloud vendor’s terms with respect to ownership of the data?
       How does the cloud vendor delete the data when the customer is no longer a customer?

       What about e-discovery?
       Can we be locked out due to legal action taken against another one of your customers?

No comments:

Post a Comment