Two women sat discussing in front of a large window

Questions to ask your cloud provider to ease your security concerns

Adoption of cloud technology is on the rise and generally gaining acceptance, however there are still some businesses who are cautious of taking the plunge. It would appear that they don’t feel convinced that their data will be safe in someone else's hands. We understand this concern and appreciate that there are risks moving your services to the cloud. We do, however, whole-heartedly believe that cloud vendors are in a position to secure your data in ways that just aren’t practical for most SME businesses to do on their own.

What do you need to know?

Competition between vendors for cloud services is bringing more and more providers into play with improved pricing and/or service offerings. We thought we’d help by compiling a list of security-based questions that you could ask your potential vendor before you settle on any decisions. Hopefully, getting the answers to some of these may set your mind at ease.

  1. -  What uptime do you guarantee and what happens if you don't meet that service level?
  2. -  What certifications do you hold?
  3. -  Where are your servers physically located?
  4. -  Do you support multi-factor authentication?
  5. -  Is data encrypted in transit and at rest?
  6. -  Do you provide access to logs?
  7. -  Who has access to our data while it's with you?
  8. -  What happens in the event of a security breach or loss of data?
  9. -  How do you protect your data centres?
  10. -  Do you have a disaster recovery plan, has it been tested?
  11. -  What level of support is included and what happens if you don't meet that agreed level?
  12. -  Do you perform vulnerability or Pen testing?
  13. -  Do you conduct any cross-platform testing?
  14. -  What roles do we each play in the protection of data stored with you?
  15. -  Does the product support role-based access?
  16. -  How can companies ensure they're doing their best to secure their own data?
  17. -  What is the exit process if we decide to move our services at a later date?


We understand this is a fairly comprehensive list of questions. Our advice is to choose the ones that are most important to you and start there. It may be difficult to get to speak to one of the bigger players, in those cases I suggest you go through an intermediary. For example, ITbuilder have a very good relationship with Microsoft and know that Azure meets these criteria and can provide many of the answers listed above to our customers.

Remember, if you can’t speak to a human when you’re looking to give them money, don’t expect to be able to speak to them when things go wrong.

Jason Abrahamse

Jason is ITbuilder's security expert and leads our information security project team. He provides consultancy and support on matters relating to cyber-resilience and data protection.

Something of an industry veteran, Jason has held various roles in the industry and combines that expertise to consult with customers on security best practices.

Jason is a native of South Africa, but is now a fully naturalised Brit except for not being accustomed to the cold. He lives locally in Hertfordshire.

More articles from

Back to Blog