How transparent should a provider be with its cloud security policy?

In terms of cloud security policy, where should we draw the line with transparency? How much should we divulge?

    Requires Free Membership to View

The policies, procedures, standards and controls should be clear, but you don't need to divulge the actual technologies used. How you report adherence to these policies needs to be thorough, however. A good cloud security policy should give customers access to historical data on performance, outages and the nature of breaches, as well as the remediation actions, if any, the provider has taken to mitigate or prevent similar problems in the future. You should also divulge the hiring practices of personnel and what background checks are conducted. For example, customers will want to know: Are background checks only conducted during the hiring process, or are they also conducted regularly during employment? Are the employees required to sign a non-disclosure agreement during and after the employment?

This was first published in January 2013

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: