In our last blog post we wrote that the data center you select for your applications and data should be in compliance with best-in-class practices. One way to determine this is by asking for certifications. Today we will discuss two kinds of certifications that you should become familiar with before you make a final decision on a cloud hosting provider.
SOC-1 and SOC-2 (Service Organization Controls) certifications give you a baseline for the physical and logical access, data security and business continuity of your data. SOC-1 reports are audited reports on controls. A Type I report covers the existence of control policies and procedures, and a Type II report verifies that these procedures are in practice by testing their operating effectiveness over a period of time. SOC-2 reports on various organizational controls related to security, availability, confidentiality or privacy. Make sure you know which type of certification your cloud computing provider has.
HIPAA (Health Insurance Portability and Accountability Act) refers to a US federal regulation that ensures privacy of healthcare data by providing privacy standards to protect patients’ medical records and other health information. A data center with HIPAA certification is vital if you will have healthcare records in the cloud.
There are multiple other certifications that cover other aspects of cloud security. The important thing to remember is that, if your cloud hosting provider has the certifications you require, your data will be in very good hands.