5 Security Questions To Ask Your Cloud or Web Hosting Service Provider

if you are shopping for a cloud service provider, you need to ask several hard questions to ensure that you are signing up for a secure and trusted infrastructure service.

A provider who offers cloud based computing infrastructure on a pay as you use model uses virtualisation, which means many subscribers will share the use of its computers.

though the use of virtualisation software, one computer is turned into many virtual machines, or VMs.

This maximizes the use of a single computer while allowing each subscriber to have his own VM with its own operating system, processor, memory and network card.

In a computing environment that is shared, you want the most finely detailed, or granular, security for your business and your provider’s assurance that this level of protection is continually in effect.

5 Security Questions To Ask Your Cloud or Web Hosting Service Provider

it is vital that you ask these security questions of your provider.

1. Is your virtual machine isolated and secure from other customer?

when many user share a computer, proper isolation of VMs must be in place to ensure that your data i secure.

without such isolation, you cannot be sure that viruses or malware from other customers’ VMs will not attack yours, or that your sensitive and valuable information is safe form unauthorized access.

your provider must offer a highly detailed, or granular, firewall-based isolation for each VM, or group of VMs, this is done via virtual firewall technology using an automated security enforcement process.

with this measure, newly created VMs will inherit the security policy that had already been applied to the computing resources.

This ensures that virtualisation security and firewall protection are consistently applied and enforce so that your business remains private and secure

2. Are you allowed to manager your vital machine’s security?

Ask your provider if you can have visibility and manageability over your VM’s security.

Ideally, your provider’s security expert would deliver a secure VM which is properly configured but allows you to make adjustments to your company’s security policy.

This way, you can adjust a VM’s access to meet sensitive business requirements.

3. Is there maximum availability of your virtual machines?

No Business can afford downtime. Your provider should be able to offer a service agreement of at least 99.9 per cent, or higher, availability per VM workload.

Ask if his virtualisation security solution is robust enough to handle a system failure. The answer should be “business as usual” for you. In other words, data traffic and security would go on with hot standby mechanism providing the required protection while the provider deals with the downtime in the back office.

4. Can i get reports on my virtual machines?

You will want to know the health of your VMs’ security in as fine details as possible. You should be able to get a report on complete inventory of your VMs, VM groupings, and their security state.

In addition, you should also be able to get a comprehensive list of all applications installed on the VMs, including operating system patches and application updates.

having access to an overall compliance assessment will tell you the state of each VM relative to the desired security policy you want to implement.

5. Can you provider comply with mandatory security standards?

if your business needs to process credit card information, then it needs to comply with mandatory regulations such as Payment Card industry, or PCI, a security standard for cards.

This standard governs the security needed for processing, transmitting and storing of credit card data for merchants and card companies such as MasterCard, Visa and American Express.

An example of security is the use of the personal identification number, or PIN, at a point-of-sale terminal.

Ask your provider if his virtualisation security solution offers full visibility, segregation and acess control of a VM’s use. Also ask if his solution complies with the PCI security standard.

To be compliant in a virtualized environment, the VMs are restricted to a single function.

This can be done only with virtual firewall technology which restricts a VM to accepting and forwarding only certain toes of traffic.

Your provider should also offer automated compliance reporting requirements.