Data Security Considerations for Evaluating Cloud Platforms

Developed by the National Institute of Standards and Technology (NIST) under the United States Department of Commerce, NIST SP 800-144 is a widely-used guideline for addressing security and privacy challenges in public cloud environments.

To help IT security professionals evaluate public cloud platforms, NIST offers insights on some key requirements that should be considered during the evaluation process:

1. Regulatory Requirements
NIST recommends that before organizations start evaluating cloud vendors, they should fully understand the laws and regulations that impose security and privacy obligations on their business operation. This includes identifying the potential impact on the data location, records management processes, privacy and security controls. Learn how Caspio addresses regulatory compliance across several industries and regions.

2. Access Management
In NIST SP 800-144, identity and access management is a major consideration. Rather than deploying different authentication systems, NIST recommends that organizations consider public cloud providers that offer single sign-on integration using the Security Assertion Markup Language (SAML) standard or the OpenID standard. Learn how Caspio supports single sign-on using SAML.

3. Data Encryption
While access management can help protect information from unauthorized user access, data encryption is also an important security safeguard for public cloud platforms. Because organizations don’t have physical control of data storage on the public cloud, organizations should evaluate the vendor’s ability to encrypt data both in transit and at rest. Caspio offers data encryption in transit to customers in all plans, and additional encryption at rest for Enterprise plans.

4. Service Agreements
Organizations are advised to review the cloud provider’s terms and conditions, which are typically stipulated in agreements such as terms of service, privacy policy, service level agreement (SLA), and negotiated service agreements for regulatory requirements. Caspio provides service details across several agreements (Terms of Service, Privacy Statement, and SLA) and also offers a Business Associate Agreement (BAA) for healthcare organizations requiring HIPAA compliance.

5. Availability and Incident Response Procedures
When evaluating vendors, NIST recommends that organizations review the cloud provider’s provisions for uptime availability, data backup and recovery, and disaster recovery, and ensure that they meet the organization’s continuity and contingency planning requirements. Caspio offers backup and disaster recovery to customers in all plans, and additional availability guarantees in a Service Level Agreement for Corporate and higher plans.

With over 15 years in the cloud computing industry, Caspio is an enterprise-ready solution providing one of the most powerful, scalable, secure, and compliant platforms available. See how you can build secure and reliable online database applications faster and smarter using a low-code platform. Not only is Caspio designed to reduce application development costs while delivering faster time-to-market, it meets strict data security and compliance requirements as outlined by NIST.

Get started by signing up for a free trial or request a no-obligation project consultation.