6 questions everyone should ask before hosting data, applications or infrastructure externally, whether in the cloud or not:
1. Does the provider have experience in your industry?
Is the provider aware of your industry's regulations (Basel, NERC, HIPAA, Solvency, etc.) and already compliant with them? Does it host some of your competitors, and if so, how will the provider guarantee Chinese walls between their environments and your own IT environment? Will you share any equipment with them?
2. Is the provider security-certified?
Does the data center have an ISO 27001/27002 audit report or a NCMC/CSAE 3416 attestation report specific to service providers? If not, you may want to commission a security audit of the provider covering data protection, physical and logical access control, etc.
3. If you intend to host electronic payments at this provider, is it PCI DSS 3.0 compliant?
Your customers' credit card data should be encrypted and protected in line with the PCI DSS requirements.
4. Inquire about business continuity
Not only does your service provider need to be available and compliant with ISO 22301, but most professional providers now also hold quality certifications such as ISO 9001, energy management certification against ISO 50001, environmental accreditation such as ISO 14001, and OHSAS 18001 occupational safety compliance.
5. Have an IT-specialized lawyer review your contract
New technologies have a great deal of grey areas in terms of responsibilities. Make sure you have legal advice on that matter and include reversibility and audit clauses as well as all your business requirements in terms of security, privacy, availability, incident management and maintenance.
6. Update your insurance contract
Assess the financial risk associated with migrating your service externally versus a risk transfer option. Be cautious about start-up and recurring costs.