Cloud Computing , Technology

Asking Cloud Providers the Right Questions

Eric Chiu of HyTrust on Scrutinizing Vendors

For organizations considering using public cloud-based services, asking tough security questions of the vendor is an essential first step, says Eric Chiu, president of HyTrust.

See Also: Spear Phishing, Identity Deception, Ransomware: How to Predict the Future of Crime

Organizations "should really ask about all the same requirements of that public cloud provider that they would ask themselves," Chiu recommends. "What sort of role-based access control is being put into that environment? How are they securing their own cloud administrators in terms of accessing and getting to data?"

In this video interview at Information Security Media Group's recent Healthcare Security Summit in New York, Chiu also recommends asking cloud vendors about:

  • Their policies on encrypting data and managing the keys;
  • Their logging and auditing activities;
  • Their configuration best practices.

Chiu co-founded HyTrust Inc. in 2007 and also serves as its president. He served as the CEO of the company until 2011. Chiu has more than 13 years of experience in high-tech management and finance. He formerly served as vice president of sales and business development at Cemaphore Systems and led business development activities at MailFrontier and mySimon, which was acquired by CNET Networks.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 28 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from the North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global Summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network