5 Questions to Ask Before Your Next Audit
Compliance and Cloud have not always gone hand-in-hand, but that may be changing. According to 451 Research Group’s 2016 Trends in Cloud and IT Services Report, “Even in regulated markets it seems some of the [Cloud] barriers are coming down. Financial services firms are turning toward cloud in a significant way. Banks and insurance firms are realizing they can operate more securely on cloud than they can in their own datacenters; pharmaceutical companies and healthcare firms are likewise learning this.” As these industries recognize, the potential cost savings and increased efficiency of the Cloud offer an enticing package; however, the Cloud can present a challenge when facing compliance audits. Of course, securing your Cloud data is about more than a compliance checklist; it’s about ensuring your data is as secure as possible. We recommend asking the following questions before your next audit.
What information is stored in your Cloud environment and how is it stored?
HIPAA and PCI regulations set stringent requirements for the storage and transmission of healthcare and credit card information. Both healthcare and credit card data should be encrypted, and the data should be accessible only with the correct encryption key.
Encryption is only effective if implemented throughout the life of the data. Ideally, data should be encrypted prior to upload, during transit and at rest within your Cloud provider’s data center. Using secure communication protocols like SSL/TLS keeps your data as safe as possible while it moves from one location to the next.
Where is your data physically located?
Knowing where your data is physically located is a key component of keeping it safe. In fact, many compliance audits require businesses to prove the location of their data and the measures in place to protect it. Being aware of the policies and practices of your Cloud provider’s data center allows you to know that your data is in good hands and well-protected. As a local Cloud provider and SOC2, Type II compliant data center, Immedion can physically show you where our Cloud resides.
Who can access your Cloud? What can they access? Is that access appropriate?
Data breaches and leakages are becoming a major concern for organizations. One of the best ways to keep data secure is to ensure the access to data is controlled and reviewed. Keep the number of privileged accounts to a minimum to reduce the entry and exit points for attackers or leaks. Your Cloud provider should have an assigned owner on file for each company’s account with detailed information about which users have access to what data. And as obvious as this may sound, passwords shouldn’t be shared.
Keeping customer data safe and secure is one of the top priorities at Immedion. We work hard 24x7x365 to monitor who has access to our data center facility and work with customers to ensure security policies and standards are met.