Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

Nov 11, 2020

Currently, many businesses have evaluated their current IT infrastructure and determined that outsourcing data to the cloud is more efficient and cost-effective since the cloud allows data to be accessed from anywhere in the world. Third-party cloud servers provide businesses efficiency and flexibility since companies use as much or as little storage capacity as they need.

About Effective Data (ED), we specialize in EDI Consulting and Data Integration. Founded by EDI experts, ED has been a pioneer in the electronic commerce consulting arena for over 22 years. Effective Data's core competency is developing and managing technically robust EDI solutions.  With each project, our EDI Specialists collaborate to identify key business objectives, define a solution, and continually manage the project through implementation. This is all prepared with a thorough understanding of industry standards, best practices, and technology.

ED has supported companies of all sizes and in every industry.   We are a vendor-agnostic company that does not endorse any single product or service.  We work with all EDI, EAI, and B2B platforms.  Headquartered in the Chicagoland area with satellite offices throughout the United States, we are prepared to provide all your EDI and Data Integration needs nationwide.

What is Cloud Computing? 

In computer networking, cloud computing is a phrase used to describe a variety of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet.  It is very similar to the concept of utility computing. In science, cloud computing is a synonym for distributed computing over a network and means the ability to run a program or application on many connected computers at the same time.

The phrase is often used in reference to network-based services, which appear to be provided by real server hardware, and are in fact served up by virtual hardware, simulated by software running on one or more real machines. Such virtual servers do not physically exist and can therefore be moved around and scaled up or down on the fly without affecting the end-user, somewhat like a cloud becoming larger or smaller without being a physical object.

In common usage, the term "the cloud" is essentially a metaphor for the Internet.  Marketers have further popularized the phrase "in the cloud" to refer to software, platforms, and infrastructure that are sold "as a service", i.e. remotely through the Internet. Typically, the seller has actual energy-consuming servers that host products and services from a remote location, so end-users don't have to; they can simply log on to the network without installing anything. The major models of cloud computing service are known as software as a service, platform as a service, and infrastructure as a service. These cloud services may be offered in a public, private or hybrid network.

Source: Wikipedia

Five Questions to Ask A Third Party Cloud Provider

1) What is your data encryption policy? 

Your vendor should have a policy of encryption for all data–in transit, at rest, or in mobile devices. Pay particular attention to the vendor’s data decryption process. By failing to encrypt all data, you risk information compromise or serious regulatory compliance issues.

The highest standards for encryption are 256-bit Advanced Encryption Standard (AES) SSL for transit and 256-bit AES for data at rest—approved by the National Security Agency and used globally.

A note about decryption: This is the process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password. Pay particular attention to the vendor’s data decryption process. It needs to be easy to use but also totally secure. It’s just as important as the vendor’s encryption policy. If you can encode messages (or information) in such a way that hackers cannot read it, but others who are allowed to decode it cannot read it, there could be a problem.

2) How do you manage encryption keys?

Many security breaches occur because of lax management regarding the encryption keys. When evaluating third-party vendors, make sure the company provides separation between the encryption data and the encryption keys. You should expect candidates to have separate data sets centers; this provides enhanced security by eliminating a single point of failure.

Examine the vendor’s business process to determine the extent of access to data systems by its employees, which should be strictly limited. The process should have safeguards to ensure that encrypted file data and the correct file version encryption key are brought together only as needed.

3) What data protection certifications do you have?

Vendors earn certifications for a broad range of tasks, ranging from information handling at a particular data center to business practices for protecting information.  If you want the very best in data security, select a company whose data centers passed aSOC 1 audit under SSAE-16 guidelines (formerly called SAS70 Type II) and were tested by outside auditors.

Data centers that pass the SSAE-16 audit have completed meticulous requirements related to physical security, physical access, and internal business controls.

Also question the provider about the process for destroying data. The company should answer that it follows and complies with the Department of Defense 5220.22-M or NIST 800-88—the standard for disk erasure.

4) What is your standard for data durability?

It is mission-critical to have your data available 24/7, 365 days a year, and without corruption. For this service to be considered excellent was 99.999% (“five nines”); however, some vendors today now offer 10 or 11 “nines.”  Your cloud storage provider should back up all data in triplicate at various data centers. This protects against connectivity issues or if a data center goes down unexpectedly.

The backup data should synchronize automatically and immediately.

5) How much control do I have over data stored in the cloud?

You may want to maintain control over data for its entire lifecycle. This includes when and how your data streams, how it is physically stored, and how you manage creating data or capturing files, documents, or messages. Make sure the vendor has policies that complement your need to upload content and manage users’ accounts or devices that have the ability to access or make changes to the system.

Evaluate the vendor’s plan for unexpected incidents, such as sending data to the wrong location because of errors, configuration problems, or malicious intent.

These five questions to ask a potential cloud computing outsource are by no means comprehensive but should help in your search to find the right partner.

Contact us today to schedule a business case assessment! 

Contact Us

company icon Our Company resourcesicon_resources.png icon Resources