As a fintech, FeeSynergy takes the matter of data security very seriously. In an ever-expanding universe of cloud-based apps, choosing the right ones to buy can be bewildering. Our view is that buyers should start with the matter of security. If the potential app does not meet an acceptable level of security (as judged by a security specialist) then give it a miss and look for an alternative.
We invited leading information security expert Mark Hofman, founder and CTO of Shearwater Solutions, to give us his Top 10 things to investigate when buying cloud-based software.
Mark Hofman | Founder & CTO | Shearwater Solutions
10 Questions to Ask:
1. Is the data/service to be provided from the cloud subject to regulations or standards?
2. Where is legal ownership of the company providing the service?
3. In what country will the data be retained? And are there assurances it will stay there?
4. Is a shadow IT service already being used to deliver the service?
5. Has the cloud provider stipulated restrictions or limitations that may require you to weaken existing controls in place?
6. Is the choice of cloud sharing model in alignment with security objectives?
7. Is the network connection between the provider’s network and adequate to deliver services aligned to an SLA?
8. Does the provider make any security claims and do documented policies and processes support these? Are these available for review?
9. Does the provider have a BCP for the service and what are the response times for restoring services? Will alternate services be provided in the same region?
10.In the event of a security incident who will be notified and when?
Depending on the answers you receive, this will assist you in making a determination if the cloud based app you are considering is sufficiently secure for your needs. If the answers leave you with doubts, it may be worth considering looking for alternatives.
For more information contact Tory Lane email@example.com +61 (02) 9488 4600
If you would like your firm to be profiled in a future edition, or have a suggestion for an article that you think will be of interest to our readers, please send me an email to firstname.lastname@example.org