7 Security Questions You Should Cover with Your Hosting Provider
2014 was the year of the big hack—from Sony to Home Depot, Target and a slew of retailers and businesses alike, cybercriminals had plenty to celebrate at year’s end.
Not surprisingly, 2015 is shaping up to be just as bad for cybercrime as the year before, and if you’re ready to move your Dynamics ERP to a hosted environment, it’s a good idea to evaluate your cyber threat landscape first.
Despite the long list of benefits, running your Dynamics in the cloud can open up your operations—and your reputation—to risks and cyber threats that you may not have considered. The first step to protecting your business is knowledge, and knowledge begins with your cloud hosting provider.
Before you sign the contract and move your Dynamics to the cloud, ask your cloud hosting provider these questions first:
1) How will you handle anti-malware, anti-spam and antivirus? The average employee has 3.2 devices, and all of these can fall out of sync with patches and security updates every time they exit your network. Even devices that are not connected to the internet can be used by attackers who have already gained internal access and are hunting for internal jump points or victims. If your team plans to access your cloud from their mobile devices, be sure to ask your cloud provider if they are capable of remediating these risks by offering antivirus, anti-spam and anti-malware to protect hosted systems from external threats.
2) What is the cost of “free”? You know the old saying that there’s no such thing as a free meal? The same applies to business applications. If the hosting provider you have chosen offers free business applications, stop and consider the true cost of free. Google is a prime example—it is a search engine and advertising company, and your business information is its currency and profit margin. Keep in mind that if the product is free, you are probably the product.
3) How will my business be protected from cyber attacks? Distributed Denial of Service attacks, or DDoS attacks, are show stoppers for businesses that rely on the internet for day-to-day operations (yes, even your website and email), and these attacks target small and midsized businesses more than the media will tell you. Cloud providers should have traffic filters in place to scrub attacks from their network before attacks can flood their hosted servers. Be sure, too, to ask what will happen to your servers if another company in the cloud provider’s data center is the target of a DDoS attack—if the provider is not experienced in handling these kinds of attacks, your cloud could go down even if another hosted customer is the subject of the attack.
4) How will mobile devices connecting to the cloud servers be handled? Every device your company’s employees have access to should be considered a potential risk. Ask your cloud provider if they have a system in place that can help you handle mobile device management.
5) Where will my data be physically located? This is a topic that doesn’t often come up in the cloud conversation. Even if you move your data and applications to the cloud, it’s important to know where, exactly, that cloud lives. Ask your hosting provider where the physical data is stored and what threats that region may pose—hurricanes? Earthquakes? Tornadoes? As a follow-up question, ask how they plan to handle your business needs if their data center is struck by disaster.
6) Is your IT team current in their security training? Whoever is hosting your applications and data will act as your IT personnel—and that means they are handling IT security, too. Ask what security skills your cloud provider’s team has, and if you see gaps, work with your provider to adjust their service-level agreements, and ask them to take training where necessary.
7) What types of monitoring are in place for my environment? Cloud providers should be monitoring logs across firewalls, servers and network devices to look for patterns of risk. Furthermore, providers should go beyond just logging—they should have a process in place for aggregating the logs and analyzing the results. Ask your provider if you can see logs for compliance and security policies, general system troubleshooting, security incident response, and forensics.
by Myappsanywhere