Top ten questions

  1. Which process, application and information can be moved to the cloud to gain efficiency and cost benefits while satisfying the organization's security and compliance requirements?
  2. How can the organization be harmed if systems, applications, services or information are accessed by unauthorized people and information is being made available to the public?
  3. How are information and systems protected against unauthorized access (e.g. hacking, interception, user misuse) by the cloud service provider?
  4. How can the organization ensure the integrity, authenticity and reliability of information stored in the cloud?
  5. What are the organization's responsibilities regarding the security of infrastructure and information in the cloud for the chosen cloud service and deployment models?
  6. How can the organization apply its records and information management programs (e.g. classification, retention) to the cloud environment?
  7. What is the impact of outsourcing services and information to the cloud on the legislative and regulatory requirements of the organization (e.g. DP, FOI, SOX, e-discovery, copyright, licensing etc.)?
  8. How should the organization audit and monitor cloud services and establish relevant service level agreements?
  9. Will the organization be able to negotiate contracts and agreements that fit their risk assessment and compliance environment?
  10. What are the total costs of setting up and managing the cloud services?

Questions from: Cloud Security