Eric Chiu, president of HyTrust, says asking tough security questions of cloud vendors is an essential first step. Chiu: Organizations should ask about all the same requirements they would ask themselves. He also recommends asking about policies on encrypting data and managing the keys. He says organizations should also ask about logging and auditing activities and logging practices for cloud service providers. “What sort of role-based access control is being put into that environment? How are they securing their own cloud administrators,” Chiu says.”]
Source: https://www.cuinfosecurity.com/asking-cloud-providers-right-questions-a-9540