Cloud Security Checklist
You may be considering moving to the cloud. If so, you’re not alone. Cloud-based systems are increasing in demand, in large part due to increases in remote work. While the cloud offers you more flexibility and cost savings, you need to know the basics of modern SaaS security in order to choose the right provider.
We’ve created a cloud security checklist of factors to consider when making your decision:
✅ Compliance
Make sure you choose a provider that meets the compliance standards that apply to your industry and organization. Whether it be SSAE 18 SOC 1 Type II, SOC 2 Type II, ISAE 3402, ISAE 3000, or any other framework, ensure their certifications are valid and up to date. Look for industry-specific compliance regulations like PCI, HIPAA, and GDPR.
✅ Monitoring, Testing, and Response
A secure provider monitors system activity within both its production and corporate systems. It should keep tabs on user activity and have a security incident response plan. Providers should also test the reliability of their own security measures, for example by conducting regular internal assessments and external third-party risk assessments.
✅ Vendor Management
When choosing a provider, think in terms of ecosystems, not a single product. Providers usually have a network of vendor partners so it’s important to know who those partners are and whether they are trusted and compliant with regulatory standards.
✅ Data Loss Prevention and Recovery
Providers should be able to demonstrate both their ability to secure data, so that data loss is rare, and their ability to recover data if it is lost from primary systems. Look for providers that have processes and technologies in place for data loss prevention and recovery, and that maintain backups they can restore from to mitigate loss.
✅ Security Culture
Security relies heavily on a SaaS company’s culture. Employees should be trained, certified, and aware of new threats and how to combat them.
✅ Physical Security
Physical security helps companies protect assets. The provider should control physical access to office facilities, paper records, corporate IT systems, and data centers. Other important controls include badge access, biometrics, mantraps, and video surveillance.
✅ “Always-On” Access and Uptime
High availability or “uptime” is an important factor. Check if the provider guarantees at least a 99.8% service uptime. A high uptime means you can rely on getting to your data and getting your work done whenever you need to.
✅ Data Integrity
Does the provider have strong and varied security controls in place? There should be a variety of security controls for access to information such as inactivity timeouts, session timeouts, password complexity, sign-in lockouts, and two-step verification.
✅ Data Disposal
You want to be confident that the data you no longer need is permanently deleted. Look into the provider’s processes to destroy data and be sure they thoroughly sanitize any out-of-use media containing customer information. Some reliable methods of disposal include overwriting, degaussing, and physical destruction.
Reliable providers like Sage Intacct consider security a crucial part of their business. For more information on important security points for you to consider, and to see how robust security at Sage Intacct keeps customer data secure, read this white paper: Security: Protecting Data Value