Asking Cloud Providers the Right QuestionsEric Chiu of HyTrust on Scrutinizing Vendors
For organizations considering using public cloud-based services, asking tough security questions of the vendor is an essential first step, says Eric Chiu, president of HyTrust.
Organizations "should really ask about all the same requirements of that public cloud provider that they would ask themselves," Chiu recommends. "What sort of role-based access control is being put into that environment? How are they securing their own cloud administrators in terms of accessing and getting to data?"
In this video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Chiu also recommends asking cloud vendors about:
- Their policies on encrypting data and managing the keys;
- Their logging and auditing activities;
- Their configuration best practices.
Chiu co-founded HyTrust Inc. in 2007 and also serves as its president. He served as the CEO of the company until 2011. Chiu has more than 13 years of experience in high-tech management and finance. He formerly served as vice president of sales and business development at Cemaphore Systems and led business development activities at MailFrontier and mySimon, which was acquired by CNET Networks.