Auditing Cybersecurity in Cloud Environments? Ask this:

  1. How does your organization view the security of public cloud environments to host and deliver its business applications and data assets?
  2. Where cloud services are already being used, does your organization have processes for checking performance against agreed security practices?
  3. Does the cloud provider have data transfer capabilities and sufficient security for the data transfer?
  4. What sort of security does the cloud provider have in effect?
  5. How often does the cloud provider have security audited?
  6. What approaches have been introduced to ensure data security in hybrid cloud computing?
  7. How does your organization determine that all appropriate security requirements are met before deploying cloud computing resources?
  8. How does your organization address cloud security concerns using corporate policies and procedures?
  9. Why does your organization permit cloud computing resources to be deployed without vetting or evaluation for security risks?
  10. What security controls does the cloud service provider offer to protect the confidentiality and integrity of its subscribers' data?
  11. What ITIL best practices, security and data protection standards and guidelines are in use by the cloud service provider?
  12. Is the cloud service provider liable for capital punishment if one fails to meet the committed data security measures promised?
  13. How does the cloud provider manage network and information security risks?
  14. How does an IoT technology provider enhance security and compliance in cloud infrastructure while minimizing provisioning errors?
  15. Which cloud security controls does your organization currently use?
  16. What security and compliance certifications does the cloud provider hold?
  17. How concerned, if at all, are you about the security of your organization's data in cloud storage?
  18. What will the security of data be if the cloud providers are no longer in business?
  19. What is the perception among users of potential security and privacy risks associated with using cloud data storage solutions?
  20. Does the policy cover security requirements for data and systems hosted on cloud services?
  21. What data security level do you expect from a cloud service provider?
  22. Which security technologies and techniques are you actively using in your organization's data center or cloud deployments?
  23. How does cloud computing fit with your organization's security policies?
  24. Does the cloud service provider have necessary security controls on human resources?
  25. How sensitive is the data, and does the cloud provider offer the necessary minimum security controls in terms of maintaining confidentiality, integrity and availability of data?
  26. Is management concerned about data security and privacy of personal cloud storage services?
  27. How important is the level of data security at the cloud provider to your organization?
  28. Do all the cloud vendor's data centers use the same physical security standards?
  29. Does the cloud service provider have necessary security controls?
  30. How does cloud computing affect the security of the enterprise and your customers?
  31. Are there other associated services such as security enterprise audits, cloud or data warehouse service?
  32. Does your organization have a documented cloud security plan or methodology?
  33. How do you monitor data integrity, data backups and security in a cloud computing model?
  34. What is the relationship between cloud computing and Big Data in view of security frameworks?
  35. How does your cloud platform keep your business safe from security threats?
  36. Does your organization have a centralized cloud security policy?
  37. What impact does a multi-cloud approach have on governance and data security?
  38. What steps are you taking to improve data security and privacy in your cloud offerings?
  39. How confident are you when it comes to the security of business data, including that of your customers/clients, in an increasingly mobile and cloud-oriented environment?
  40. Are your security and risk professionals involved in cloud data governance?
  41. How can assurance be provided that the security requirements for data storage in the cloud are met?
  42. Does the cloud arrangement address data privacy and security issues?
  43. How does security management manifest in cloud services?
  44. How concerned are you that individuals, departments, and/or lines of business within your organization are in violation of your security policies for the use of cloud applications?
  45. How does the cloud vendor meet security requirements?
  46. Does the cloud provider have established security and privacy programs that are reinforced by independent certifications?
  47. How does DevSecOps help handle arising cloud security challenges?
  48. What tooling challenges does your team face with security in cloud environments?
  49. What are the data security issues in cloud-based SaaS ERPs?
  50. How does cloud play into DevOps and what are the security issues that arise?
  51. How important is security risk about using cloud services within your organization and why?
  52. What makes cloud security more complex than data center security?
  53. What security certifications does the cloud infrastructure host hold?
  54. What are the security measures for continuing accountability of data cloud storage?
  55. Does your cloud provider have high levels of physical security to prevent unauthorised access?
  56. How much does cloud increase your security in terms of data retention, even personal?
  57. How does your cloud strategy link to your existing IT and security infrastructure?
  58. Where is the cloud data center located, and what are its physical security characteristics?
  59. How does the cloud affect your security and the security of your users?
  60. Where does cloud security come from?
  61. How does the number of security breaches you experienced in a public cloud compare to your traditional IT environment?
  62. Is compliant data security possible and transparent with cloud computing?
  63. Which cloud service providers does your organization have a preference for?
  64. How does security shift with a cloud approach?
  65. What does cloud app security provide?
  66. Do you have a unified security delivery and services across cloud and traditional IT environments?
  67. How much security does the cloud provide?
  68. Is it possible for your organization to be compliant with security and privacy regulations while deployed in the cloud provider environment?
  69. Can the cloud service provider deliver on commitments necessary to meet your business contractual, regulatory, security and other requirements?
  70. How does a Cloud provider secure data on storage devices?
  71. Does the cloud provider provide adequate security for network access and authentication?
  72. How does your organization address data in transit and data at rest for your cloud applications?
  73. Which mobile cloud security requirements have been under-researched?
  74. Is the existence and implementation of the security concept on the part of the cloud service provider reviewed by the customer or independent third parties?
  75. Can the cloud service provider demonstrate appropriate security controls applied to physical infrastructure and facilities?
  76. What sort of data privacy rules does the cloud service apply?
  77. What strategies have you used to implement cloud security to minimize EHR cyberattacks?
  78. Are security infrastructures maturing to support the business and improve risk management in the cloud model?
  79. Which security mechanism enables organizations to authenticate users of cloud services using a chosen provider?
  80. How important is the security component offered by the cloud service provider in your vendor selection decision?
  81. What security controls provided by the cloud service provider can be monitored by the cloud subscriber to verify compliance?
  82. Does your cloud service provider meet your security requirements?
  83. Does the service provider verify security and compatibility in case of changing the cloud assets?
  84. Are cloud computing services evaluated for security prior to engagement or deployment by your end users in your organization?
  85. How do mobile apps and cloud-based applications affect your organization's security risk profile?
  86. Does the cloud provider have enterprise performance management cloud services that can quickly bring your organization into compliance with your financial processes?
  87. What are the key criteria for choosing a cloud provider from an information security perspective?
  88. Should the cloud provider use standards-based or its own security solutions?
  89. Does the cloud service agreement specify security responsibilities of the provider and of the customer?
  90. Are members of your security team involved in the decision making process about allowing the use of certain cloud applications or platforms?
  91. How does a cloud backup system guarantee data is being transferred securely?
  92. Does the cloud service agreement make its responsibilities clear and require specific security controls to be applied to the application?
  93. Are the security tools natively offered by cloud infrastructure service providers sufficient for your enterprise?
  94. Have cloud applications become a security and compliance risk for your organization?
  95. Does the service agreement require that all security terms must also pass down to any peer cloud service providers used by the provider?
  96. How do you keep control of systems and assets while Shadow IT, such as Bring Your Own Device (BYOD) and cloud services, is making security governance more complex?
  97. What changes would you make to improve your security policy because of cloud adoption?
  98. What information security and privacy standards or regulations apply to the cloud customer's domain?
  99. How is your organization planning to address its cloud security needs?
  100. What technologies do other organizations use for enforcing cloud security policies?


Daniel Tonny Widjaja

PT Bukit Asam Tbk - Member of MIND ID Holding Group

2 years

Valuable insights

RK A.

Cyber Defense - Certified Lead Implementer CISA, CISM, BSI-KRITIS 2.0, ISMS/IEC 27x, NIST, NERC-CIP, GRC, IS-Audit, SAP NW-AUDSEC-731, HANA 2.0 SPS4 & SM 7.2 Global, Central Finance-S/4 HANA Certified Professional

2 years

Thanks for letting us know about the challenges in depth of cloud security with hyperscalers and audit relevant activities to be experienced. Kindly keep us informed with relevant information by webinars would be very much appreciated. We wish you a happy and prosperous new year 2022. Have a wonderful year ahead of you!!!

Dr. Velmourougan Suburayan, BE, MS,Ph.D(CSE)

Scientist E / Additional Director, ISMS & BCMS Lead Auditor, Ethical Hacker and Empanelled faculty for IT security & Reliability training programs of STQC Directorate, Govt. of India.

2 years

Happy new year 2022


Comprehensive questionnaire and useful

Hans Konstapel

Re-Searcher, Entrepreneur, Corporate Strategist,Senior Banking Manager, Corporate -IT-Architect, CSO,

2 years

Gerardus Blokdyk Do you know what I am doing in this area?
