Access and operations security: How does your provider control access to physical machines? Who is able to access these machines, and how are the machines managed?
Virtual data center security: Cloud architecture is key to efficiency. Find out how the individual pieces like the compute nodes, network nodes and storage nodes are architected, and how they are integrated and secured.
Application and data security: To implement your policies, the cloud solution must enable you to define groups, roles with granular role-based access control, proper password policies and data encryption (in transit and at rest).
4. Assuming that you are no longer responsible for securing data
Never think that outsourcing your applications or systems means you can abdicate responsibility for data breach. Some have this misconception but you must understand that your company is still ultimately accountable to customers and other stakeholders for the sanctity of your data. Simply put, it's your CEO who risks going to jail, not the cloud provider's.
5. Not knowing which local laws apply
Data that is secure in one country may not be secure in another. In many cases though, users of cloud services don't know where their information is held. Currently in the process of harmonizing the data laws of its member states, the European Union favors very strict protection of privacy, while in America, laws such as the US Patriot Act give government and other agencies virtually unlimited powers to access information belonging to companies.
Always know where your data is held. If necessary, store your data in more than one location. It is advisable to choose a jurisdiction where you will still have access to your data should your contract with the cloud provider be unexpectedly terminated. The service provider should also be able to give you flexibility on where you want your data to be held.
The bottom line is that the adoption of cloud technology must come with risk mitigations steps, and firms are well served to plan for and act on these steps from the outset, so that returns on their cloud investments can be maximized.
Sign up for CIO Asia eNewsletters.