Moving to the Cloud? Five Questions You Must Ask Cloud Providers: Page 2

3. How will you protect my data?

Just because a vendor claims that cloud security is a priority doesn’t mean that their security practices are up to the challenge of warding off ever-evolving threats. For instance, everyone knows that they need to have an IPS in place, but does your vendor have a cloud-capable IPS?

“Many appliances have packet-inspection settings that are designed to fail on,” said Joe Anthony, Director of Security Product Management for IBM. If the device is overwhelmed with peak traffic or by, say, a flood of rich media, the bulk of the traffic will, by default, pass through with only small samples inspected for threats.

This shortcoming will typically be logged, alerting administrators to the problem, but how many will actually follow up? Anthony recommends IPS solutions with 20 GBps capabilities, at minimum, for public cloud environments.

Trust is another major concern. “In the cloud, previous outsiders quickly become insiders,” said Mike Gault, CEO of GuardTime, a provider of keyless signatures used to validate the integrity of data. “There is no distinction between the two. With all of the new risks inherent with cloud computing, it’s especially important to recalibrate trust. To be blunt, you really can’t trust anyone anymore.”

This means having security in place for data protection and integrity, to protect against data loss and to secure the application layer, not just the network and access.

4. How will I know that you are properly protecting my data?

Okay, so your vendor says that they have strong security. Now, prove it. What are the monitoring and logging policies? Who audits them for security compliance (and to what standards) and what sort of access will you have to those audits?

5. How can I trust that you’ll be a viable company in the long run?

Cloud computing has accelerated the challenges that incumbent providers face from upstarts and startups. It’s cheaper and easier to get a full-blown IT service up and running today than it was even a couple years ago.

With that sort of upheaval, though, comes uncertainty. You can be pretty confident that the old vendors you know and trust (and sometimes loathe) will be around to support and service you. If one of them implodes, that’s not even such a big concern because ISVs and various consultants will be able to step in.

Stability in the cloud is something that is still a ways off. “We’re a cloud provider, but a question we ask before adopting cloud or SaaS internally is ‘are you going to be around for the long haul?’” said Aaron Levie, co-founder and CEO of Box, a cloud content management provider.

If it’s a startup, how well are they funded and by whom? What is their exit strategy, be it independence or acquisition? How sound is the business model?

Of course, I asked Levie how he answered that question for Box. “We’re focused on being independent. Period,” he said. Levie noted that the company’s recent $48-million round of VC funding will be used to build out infrastructure, recruit more high-profile senior executive talent, build out a larger IT and support staff and expand the service portfolio. They currently have over 5 million users, and count more than 6,000 companies as customers, including 73% of the Fortune 500.

How often do you ask vendors about financials and its business model? In the cloud, it’s a question you neglect at your own risk.