According to the Cloud Security Alliance (PDF), a lack of due diligence remains one of the top continuing threats to cloud computing. While businesses may have an awareness of the general nature of cloud technology and related security threats, many business undertake little due diligence about their cloud service providers (CSPs). Even basic due diligence, such as assessing the financial health of the CSP or determining the length of time the CSP has been in business, are frequently not considered.
Since less than 50 percent of new businesses survive more than 5 years and many cloud service providers (CSPs) are newer companies, there is good reason for businesses and their lawyers to pay more attention to due diligence in the area of cloud services — an increasingly important part of the business supply chain.
Some questions to ask
In developing your cloud due diligence checklist, be sure to include questions about: