Infrastructure as a Service (IaaS) & Platform as a
Service (PaaS)
·
Will
the cloud vendor clearly communicate network topology and security practices?
Software as a Service (SaaS)
• Is cloud vendor willing to provide documented
secure coding practices and security (penetration) testing results from 3rd
parties?
• Does cloud vendor communicated
information about OS-level patches and updates and how does Cloud vendor
provide information of schedules of patches so not to affect customers
businesses?
• What is the cloud vendor’s terms with respect
to ownership of the data?
• How does the cloud vendor delete the data
when the customer is no longer a customer?
Legal:
• What about e-discovery?
• Can we be locked out due to legal action
taken against another one of your customers?
No comments:
Post a Comment