Infrastructure as a Service (IaaS) & Platform as a Service (PaaS)
· Will the cloud vendor clearly communicate network topology and security practices?
Software as a Service (SaaS)
• Is cloud vendor willing to provide documented secure coding practices and security (penetration) testing results from 3rd parties?
• Does cloud vendor communicated information about OS-level patches and updates and how does Cloud vendor provide information of schedules of patches so not to affect customers businesses?
• What is the cloud vendor’s terms with respect to ownership of the data?
• How does the cloud vendor delete the data when the customer is no longer a customer?
• What about e-discovery?
• Can we be locked out due to legal action taken against another one of your customers?