Questions for Small Businesses to Ask Their Cloud Service ProvidersIt is perhaps not surprising that many small businesses are starting to realise the potential benefits that cloud computing can offer them.

Whether it is the savings in cost, the almost unlimited storage space, the backup and recovery mechanisms or the automatic software integration, cloud computing can definitely have a positive impact on the way your organisation operates.

But, you should be weary of the lingering doubts over the security of the cloud that a number of people continue to express.

Although you can be pretty sure that your Cloud Service Provider will have invested a lot of time, money and energy into security at both the physical and network levels (although you should obviously try and verify that!), there are still a few things you should do to ensure the security of your data as much as possible.

It should be noted that even companies that do not have access to a large IT team can make sure they have done the following.

 Firstly, Choose the Right Provider

This may seem like a really obvious thing for you to consider, but it really is important that you don’t just plump for the cheapest or easiest option and spend a good deal of time researching each provider.

Even just a quick hour or two seeing what a particular company’s ‘Google footprint’ looks like is going to be more beneficial than just going with the first company you happen to come across.

Some key questions to ask here would be things like whether or not that particular provider has its own Security Operations Centre, if they meet (or exceed) Tier 3 standards and whether they can show you any accreditations they have (such as ISO 27001 or PCI DDSS)


Another important thing to be aware of is what kind of encryption process any potential providers use, because not all schemes are of equal value. Some providers will tell you that they offer bells and whistles unbreakable encryption, when in fact they will only encrypt your data as it moves from your computers to the cloud and cannot necessarily guarantee that it will still be encrypted when it gets there.

Make sure you know what the provider’s policy with regards to the storage of encryption keys is and that you are happy with this.

 Stand Up for Your Rights

The issue of access rights is one of the most widely contested and debated about topics when it comes to cloud computing. If you store your data on the cloud and not your own physical servers, then who has access to it and what effect is this likely to have on your company’s security and data protection strategy?

There are a whole number of potentially prickly issues here. If your provider is located in the US then you could be forced to hand over all of your data to the US authorities under the Patriot Act. Also, who makes decisions about the storage of your data in an emergency or disaster recovery scenario?

If the regulatory framework of your industry means that it is simply too risky to not know where your data might be being stored, it might be better to pay more for a company offering private cloud servers so that you have more of a guarantee.

 Ask About Continuity

Most small businesses are likely to begin to feel the pressure if there are long periods of data unavailability due to continuity problems, or a long data recovery following a bad hardware failure. Check the provider’s policies on this before paying up.

If you remember to ask these questions and look for the provider that can best assuage these concerns, then you should be as safe as you can be to do business and make money.

Do you have any tips and guidance that I’ve missed out? If so please share it. 

James Duvalis an IT specialist who often has to explain what the cloud is and how it works to befuddled businessmen and women. In the limited amount of spare time at his disposal, James likes to either write blogs for companies like ConNetU or have wild motorcycle based adventures around the UK.