As we have stated before, selecting the wrong provider for your IT needs can be costly and maddening. When it comes to selecting a cloud provider, security is a huge concern. Below are a few cloud security questions you should consider when selecting your hosting provider and solution. To help you get the most out of this post, we provided answers to each cloud security question we think you should ask your service provider.
Our Manager of Cloud Services, Chris Church, provided answers to these questions below.
The Q&A below highlights the questions you should ask, and the details you should know, when evaluating cloud providers.
Cloud Security Questions to Ask your Service Provider
What Cloud Security Policies Do You Have in Place? Is there a corporate security policy?
“Here at Orion, we take pride in the fact that our solutions are customizable to each one of our clients. Each of our cloud clients has their own security policies in place. These policies are designed from the ground up according to their specific business needs. We can then isolate individual tenants and enforce either our corporate or client-specific security policies.”
What is the Location of the Physical Servers?
“The location of our physical servers varies across data centers. Each tenant chooses the general area where we house their data, like a city. Within this location, there is a 50-mile radius that data should be stored within. This limitation is in place to support business continuity and disaster recovery. Business continuity is further engrained into all of our cloud solutions through the assurance that all data is not housed in one building. This eliminates recovery issues that many other providers who store all data in one facility leave themselves open to.”
Do You Use Industry Standard Encryption and Authentication Protocols?
“Yes, and Orion ensures that all solutions and protocols are specifically tailored to each tenant’s needs, specifically with security and compliance requirements. Because of this, Orion offers both options to our cloud tenants. Encryption has a higher load on equipment, but is crucial for compliance with HIPAA and other higher-level government-controlled regulations. Authentication protocols are also in place to help users access servers. This is done by the industry-standard two-factor authentication with a password and token.”
How is the increase of usage or peaks handled?
“There are two different ways to answer this cloud security question:
- The first method occurs when a client needs to add more horsepower to their cloud solution. This is something that can be done on the fly, but isn’t automatic. If we know when the tenant will be hitting a peak period, we can add more when the servers are still live. Orion can architect a solution for horizontal scalability to the system as well. This will help spread the load and can be done while the systems are live.
- The second way we handle peaks and usage is through the backend of things. When peaks happen and have the potential to bog down a server, Orion’s backend solution helps to monitor if a server is being bogged down. If this is detected, data can be moved to other Orion servers to lighten the load.
So we have a variety of ways to solve this issue.”
“The first response is sent to the team that is currently on call during the incident. Next, the 24/7 on-call team will alert the tenant of the incident, what is impacted, how critical the incident is, and what needs to be done to resolve.
Because Orion’s Cloud Solution is highly redundant, incident reports to our tenants are usually just notifications, as they have little to no impact.”
Do You Encrypt Data Before it is Uploaded to the Cloud?
“Everything we do is HTTPS. Just through this alone, data will be encrypted. With that being said, any remote user’s access is through a remote secure proxy, or secure VPN. This only further heightens the protection of your data.”
Do you test your backups?
“Yes, we test our backups weekly.”
What is your backup and disaster recovery strategy?
“Orion’s Backup Strategy is to perform backups on a nightly basis. Hourly snapshots are taken on the SAN as well. As far as Disaster Recovery Strategy, Orion maintains complete SAN replication that happens on a daily basis to an offsite city. This helps us remain proactive: in the event all data centers in one city are experiencing an outage, data will not be lost and will be backed up in another one of our locations.”
Is there a backup and recovery SLA?
“Yes, nightly backups are a minimum requirement with our backup solution. For clients who require more frequent backups, this can be customized based on their SLA. All of Orion’s SLAs are customized to each client’s needs, so it really allows us to be flexible in this area. This minimum backup will provide the rollback and recovery of files from midnight the day prior. Retention of these is also for 1 year.”
What’s something that sets your cloud solution apart from others? (security-wise)
“Orion’s difference from other Cloud Solutions is our ability to adapt and customize. Security-wise, Orion not only hosts data but we also provide a complete array of services for servers. Whether it be monitoring, backups, operating system support and even managed security, Orion can provide holistic support to protect your data. Other larger cloud providers will provide the hosting ability of the servers themselves, but very little else besides that.”
How do you protect virtual machines?
“The key in ensuring the protection of virtual machines is to make sure each tenant and client has their own, independent network. There should be no shared network. Protection can be further provided through nightly backups and the SAN snapshots.”
What is my role and your role in the protection of my data?
“The tenant’s role in protecting their data is very simple; business as usual. It is Orion’s responsibility to ensure that your data is protected, compliant, backed up and capable of disaster recovery.”
Who can view enterprise data in the cloud?
“Within Orion, our certified technicians have basic access to provide support. Other than that, access to enterprise data is only granted to whomever the tenant approves and would like access accounts created for.”
If you are considering outsourcing your infrastructure hosting, make sure you remember these Cloud Security Questions. Are you interested in migrating to the cloud? Contact our experts.