When it comes to security testing there are certain questions that stick to each mind related to each and every type. So with this article our team has tried to formulate the best possible answers.

1. PHYSICAL SECURITY

Questions:

• Where are my documents stored?
• Who is watching out for them?

If someone can access your information – and your customer’s information – that’s not a good thing. Some might even call it game over.

Tips:

Choose a vendor with a center that’s staffed by security personnel and covered by surveillance cameras. Multifactor identification that limits pre-authorized visitors is a huge help as well.

You should also verify that the data center physically separates hardware from any other hosting it provides. Another best practice is hardware that’s physically secured using separate cages and locking cabinets.

      2.  NETWORK SECURITY

Questions:

• What type of network infrastructure is your host using?
• What is the network intrusion monitoring policy?

Tips:

Verify that your cloud provider monitors network infrastructure components and services such as routing, switching and bandwidth 24/7. Certified engineers also need to be available to resolve any issues according to your chosen service class. Automated network intrusion monitoring procedures should also operate 24/7.

     3. TRANSPORT SECURITY

Question:

• Are all communications between clients and the cloud encrypted?

Tip:

Look for a cloud provider that encrypts communications using up to AES-256 bit SSL v3 or TLS 1.0 and SSH. This ensures that all content and operations are secure from any possible interference or interception en route.

      4. APPLICATION SECURITY

Questions:

• Does the application even consider security?
• What is the penetration testing?

Tips:

Users should automatically receive access to new versions or upgrades as soon as they are available. However, cloud providers should never perform an upgrade without customer knowledge. You should be able to request test environments to perform appropriate testing on new versions, or any other aspect of the solution.