The three main principles of information security is easy to remember because of the well-known acronym CIA.
In the world of information security, CIA means:
Confidentiality – hiding information from those not authorised to see it.
Integrity – the ability to ensure the information is accurate and unchanged from the most recently published version.
Availability – ensuring the information is available for those authorised to view it.
I believe CIA is even more important when using the cloud, simply because you have lost control of your information. Reassurance is needed from the cloud provider that the risks associated with the CIA of your data are applied to the relevant security controls and the risks are mitigated to an acceptable level for your business.
A questionnaire is a great way of assessing whether a cloud provider is right for your business, the questions which follow are only a sample but should help smaller companies to make a calculated decision. If your data is hyper sensitive or if you are part of a larger organisation and need support please contact me to find out more.
If you are a cloud provider it will be well worth investing in Cyber Essentials Plus to reassure your customers that some important security controls have been certified, contact me and I can arrange to get your infrastructure Cyber Essentials hardened and certified.