Customer FAQ

Q: How Can a Cloud Service Provider know where my data is stored if it is in the cloud?

A: Cloud Service Providers have many ways of determining the location of virtual assets stored in the cloud. Just because data is in the cloud doesn’t mean you don’t have a right to audit.

 

Q: If my data is in the cloud doesn’t that mean I am leasing it from the provider?

A: No, you are leasing the applications and infrastructure but the data is still yours.

 

Q: Since the data is in the cloud doesn’t that mean it is the cloud service provider’s responsibility for security, and I am not legally liable?

A: No court has ruled that a data owner abdicate their responsibility for ensuring their customers data is protected if it is in the cloud. In fact several data owners have had to pay sizeable sums due to a provider leaking their data.

 

Q: Won’t my cloud service provider refuse my self-assessment or validation audit request?

A: The consumer should review their service level agreement. Some types of information such as medical records, records on children and credit card information have special protection, including right to audit that supersedes any contract you might have signed.

 

Learn more about why you need to audit or assess your Cloud Service Provider’s Security and GRC program:

http://cloud-standards.org

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

http://cloudsecurity.org/blog/2009/06/16/stop-the-madness-cloud-onboarding-audits-an-open-question.html

http://redmondmag.com/articles/2010/07/01/cloud-visibility.aspx

https://blog.cloudsecurityalliance.org/2011/02/23/top-six-security-questions-every-cio-should-ask-a-cloud-vendor/

http://wtnnews.com/articles/7283/