To cloud, or not to cloud.  That is the question.

By Veriato Team

If you are thinking about storing sensitive information in the cloud, you need to be as sure of the security of that data as you would be storing it on your own infrastructure. In effect, you are outsourcing data storage. And there are good, valid reasons to do so. Most of them stem from a lower costs (or the perception of lower costs) and management overhead.

Here is a list of questions you need to have answers to before committing to a cloud based service.

Physical Security

  • What access controls are in place at the data center?
  • Is the data center SAS70 certified?
  • What are the processes and procedures around physical access to the servers where your data is stored?
  • Who is allowed access?
  • How are they vetted from a security perspective?
  • What background checks were performed?
  • How is the staff that has access monitored?

If the provider you are thinking about trusting with your data is serious about security, they will be able to produce a document that speaks to this without hesitation.


  • What happens if another customer in the shared environment overuses their capacity?
  • What are the impacts to you?
  • What guarantees are you offered that your performance will not be impacted?
  • What logical security exists to ensure that no one else besides you (and the people at your outsourced provider) can access your data?
  • What encryption is used when the data is in motion?
  • What encryption is used when the data is stored in their data center?
  • What auditing exists to you can look and see how your data is being accessed, and in the worst case, how a breach occurred?
  • What disaster recovery options are offered?
  • What is their Recovery Time Objective (RTO) to restore your data in event of a hardware failure?
  • What is their Recovery Point Objective (RPO) that measures their tolerance for data loss, and is it an acceptable level for your company?
  • Who has access to the backups?

A quality provider will be able to provide detailed documentation that addresses these questions without hesitation.

Veriato supports private cloud deployments, and encourages our customers to be certain they have addressed the above should they consider deploying our technology into a shared cloud infrastructure. While many of our customers elect to deploy using a private cloud, routine surveying of our customers – particularly those in financial services, healthcare, pharmaceuticals, and manufacturing (area where compliance mandates require greater control and where the value of corporate data is fully understood) tell us that an on premise deployment remains their preferred approach.

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Insider Risk & Employee Monitoring Resources

Is Employee Monitoring Software Worth The Investment?

Is Employee Monitoring Software Worth The Investment?

Key Takeaways: Employee monitoring software offers detailed insights into employee activities, enhancing productivity and bolstering data security. Choose the right software based on features, cost, integration capabilities, and scalability to align with specific...

How To Choose The Right Employee Monitoring Software

How To Choose The Right Employee Monitoring Software

Remote work is becoming increasingly common, and data breaches are a constant threat. The importance of employee monitoring software has never been more pronounced. For businesses looking to safeguard their digital assets while optimizing workforce productivity,...

UEBA: Revolutionizing Security With Advanced Analytics

UEBA: Revolutionizing Security With Advanced Analytics

Key Takeaways: Behavior-Focused Security: UEBA revolutionizes cybersecurity by analyzing user behavior patterns, providing a dynamic approach to detecting anomalies and potential threats. Flexible and Adaptable: Scalable for any organization size, UEBA integrates with...