Six security questions you should ask your cloud service provider

As Dennis Stejskal mentioned in his recent blog series on four cloud computing trends that will impact the construction industry, the “cloud” is opening up new options for contractors looking to improve productivity and better manage their businesses and projects. Consequently, the use of cloud computing by contractors is increasing.

Along with that increased usage, however, comes the question of data security.

“While security should be a concern whether your data resides on-premise or in the cloud, the increasing use of mobile devices and cloud services is adding a new dimension to the discussion,” Stejskal wrote in a Building Profits article “How to talk tech to get business results.” That discussion starts with asking the right questions of your cloud computing provider, including:

1. What is the provider’s service level agreement (SLA)? Read the SLA carefully. It outlines what you can expect from the provider, such as service availability, disaster recovery commitments, response times, and processes to identify and resolve problems.
2. Where is your data stored? The provider should be able to tell you the exact location of the data center and its security measures.
3. Is there a data backup program in place? Don’t leave anything to chance. Malware, power outages, natural disasters, and human error are constant threats to your business. If something happens, you need a backup copy of your data to get up a running as quickly as possible.
4. How frequently does the provider test its restore capabilities? Make sure the cloud provider tests its restore capabilities on a regular basis.
5. How is your data isolated and safeguarded from other clients? Assure your data is securely stored and not visible to others using the same service.
6. Are regular security testing and independent security audits conducted? What independent certifications does the provider have to assure security standards are being met? Look for certifications such as the Service Organization Control (SOC 2 and 3) reports which look at a service provider’s controls related to the security, availability, processing integrity, and privacy or confidentiality of information.

There’s no doubt that data security is becoming a top priority for many contractors. Three of four contractors (77 percent) have an IT security plan in place and 54 percent also have a mobile security policy, according to the 2017 Construction Hiring and Business Outlook. While most cloud-computing providers take major steps to assure your data is safe, understanding their security protocols, as well as the security role you play, is another safeguard to protect your company’s data.