A Cloud Security Checklist for Charities

It would not be an exaggeration to call it “the cloud revolution” – cloud platforms and services such as Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platforms as a Service (PaaS) have enabled organisations of all kinds to take advantage of on-demand computing power, storage and tools that would previously be unimaginable for all but the biggest budgets.

The cloud is an absolute no-brainer for charities running digital services, websites or infrastructure, but for organisations that handle sensitive constituent and donor data, security is the first concern.

Storing data in the cloud is generally safer than keeping it locally for the simple reason that major cloud providers are held to strict standards to be able to operate, and these include being responsible for customers’ data in their datacentres. As a cloud infrastructure customer, you fortunately inherit the best practises of that vendor around policies, architecture and processes built to keep security-sensitive organisations’ data safe.

However, there are a few vital checks you should make before taking the plunge with a cloud vendor:

1. Verify your provider

A provider should be able to demonstrate their adherence to security standards and best practises by showing that they comply with industry-recognised standards.

Security schemes like ISO 27001 or certification under the government’s Cyber Essentials Scheme are good ones to look out for, but there are multiple.

The Cloud Industry Forum, a professional membership body for cloud providers, lists a few of the most common security certifications and regulatory standards on its website.

To read the full Charity Digital News Article click here.

Source: Charity Digital News