After the recent enforcement action against a financial advisor for failing to complete the proper due diligence on their cloud provider which ended in a compromise to their data, I am rerunning my blog earlier this year regarding Cloud Provider Due Diligence.
Do you have a questionnaire to use when preparing due diligence on your cloud providers? If not, you will want to do so. You may wonder – what is important to know about your cloud provider (consider questions I provided in my 7/14/14 blog). Decide before you even produce the questionnaire what minimum security precautions you will insist your vendors have.
If you don’t know what to ask or what precautions you need to have in place, maybe it is time to outsource this task to someone that does this every day.
Understand that although you may outsource some of your books and records to a cloud provider – you can’t outsource the responsibility. If they lose your data-it is your responsibility. Take the time now to do your due diligence.