Rely on their own power to any system or part of the system is transferred to the cloud are difficult. Choose the right solution provider is also daunting. Yes, experience is the best teacher, but in the work of learning real-world price. If an error occurs, those costs can be large enough to break the company's bottom line. Which for many IT management career is harmful. So when IT practitioners want to give their companies time to introduce some new things, such as cloud storage partners, do your homework in advance to find out how others do is very important. In front of my colleagues and for good advice is gold. FelixSantos, EVault's director of information security, cloud storage is a forward line, and as a mentor to pick eWEEK cloud storage partners. The following is a selection of a suitable partner 10 steps.
1, to understand security responsibilities supplier
Cloud provider's security responsibilities to distinguish between different service models. Provide the whole service for cloud providers - infrastructure services (Iaas), Platform as a Service (Paas) and Software as a Service (SaaS) - security is the sole supplier responsibilities, including physical, environmental, infrastructure, applications and data security as well as people, processes and technology. In contrast, offer a service provider, such as Amazon's ElasticCloudCompute (EC2) laas, responsible only for the safety of a particular item, the rest of the responsibility is yours.
2, to understand the service level agreement (SLA) and customer service
Read the SLA - yes, all of the terms - understand them. SLA to provide protection for the service, if you do not keep promises, many vendors provide compensation. Although these deals very attractive on the surface, but they do not always equate to quality customer service. Do you really want to get wrong all day protection with suppliers, rather than with a reliable suppliers do? In addition, look for an experienced and industry can work for you throughout the day dedicated team of experts suppliers.
3, to ensure that the regulatory requirements is a priority
Regulatory norms are very complex, for each link is filled with test control. In order to reduce the burden on IT departments to select a different understanding of regulatory needs suppliers, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Gramm - Ridge - Bliley Act (GLBA). In addition, you need to find an access to SSAE-16 certification (a key industry auditing standards) Partner. As a resource, often refer to ISO27001, CoBIT or other applicable standards, to help you make informed decisions.
4, which is a mobile world: Keep your data safe
With the current labor force growth, smart phones, laptops and tablet PCs for data security is a priority for each organization that problem. Mobile devices often carry critical data; then, many companies have not adequately protect them. A recent Ponemon Institute study found that the institutions surveyed, only 39% have the necessary security controls to reduce the insecurity of the risks of mobile devices, once they are lost or stolen, would an organization set at great risk under. When selecting the cloud storage provider, make sure that they not only protect your company's on-site data, but also fully protected when they leave employees using mobile devices.
5, auditing suppliers' environmental
Cloud providers must cooperate in their networks and equipment have excellent security measures; it must ensure that there is no data in the case of owner allows data will not be accessed. Encryption is also key; when the data generated in your network supplier when it should be encrypted in transit over the network are protected and encrypted stored in the cloud.
6, the cloud of potential partners conduct background checks
In the late 1990s, a group of financial institutions to form an open community, called BITS.BITS standard information survey is to assess the cloud provider a good way. It involves the business environment, information security, security project management measures and processes, asset management, risk management and appropriate incident response handling.
7, choose a flexible solution
If you are looking for a small company outsource data storage is likely to grow along with your business, you want to internalize these services. Some storage vendors can make this transition more seamless. Be sure to evaluate your business needs, not only in the near future, but the long-term.
8, to ensure data resilience
In the past few years, due to a series of hurricanes, earthquakes, floods and storms cause loss of data caused by the disaster recovery attracted more attention. Is imperative that your data backed up on a remote, off-site data center. According to Forrester's Enterprise disaster recovery plan 2011 second quarter, "business not only in consolidating their backup sites, and they also reduce the distance that the disaster recovery site for those close to the company from their own is a danger signal, they may be affected by the same disaster impact. "Choose a data center away from your main partner institutions, and is absolutely safe one, so you are sure to recover from the disaster.
9, where the data is stored in clear
Many cloud products is not clear where the customer data will be saved. Some actually the provision of "ignore position" cloud service as a benefit. For regulatory purposes, the actual physical location of the data is very important. In addition, if you are for your disaster recovery plan or attempt to use cloud storage through strict security checks, then the location of the data and the development of mechanisms for data access will be very crucial.
10, a good look at the cost of
Costs, for obvious reasons, is a selection of cloud storage partners determinants. Although it may seem like a simple evaluation method, but in fact nothing. A serious lack of consistency between suppliers, regardless of the customer to pay and what you got. Different functions and virtualization makes pricing model more complicated. Best to clearly understand what you need, and what you ultimately will pay the cost of what it is. Remember, you do not need to immediately put all IT operations to the cloud; cloud / preset combinations are a reasonable choice. Your reason is given to the cloud can reduce costs, but improper planning and a bad supplier selection, and you will find yourself overpaying do not need or do not understand the service.