Security Selection Criteria
Product long-term strategy
What is the vision for the service provider’s cloud offering? Does the cloud service provider have a product roadmap for their offering? Cloud service providers seeking to provide mission-critical services should embrace the ISO/IEC 27001 standard for information security management systems. If the provider has not achieved ISO/IEC 27001 certification, they should demonstrate alignment with ISO 27002 practices. What is the limit of the cloud service provider’s responsibility for security? What security responsibilities are expected of the enterprise? What is the legal accountability in a breach? Does the cloud service provider have the ability to comply with regulatory requirements that you face? Is the cloud service provider able to provide you with full visibility into compliance-related activities? Can you perform your own audit?
Limits of responsibility
As you and other IT managers continue to explore options for moving workloads to the cloud, security considerations will continue to influence your buying decisions. As a result, cloud service providers are becoming more aware of the need for transparency into their security practices.
18 Intel IT Center Planning Guide | Cloud Security