IBM Security Intelligence Blog
The following are suggested best-practice questions to consider when evaluating a cloud provider:
1. Is the cloud governance based on industry standards such as ISO 27000 (or FFIEC)?
2. What is the risk and compliance management program?
3. What are the physical and logical access controls, and the health checking processes?
4. What is the problem and incident management process?
5. How is the company's high-value / sensitive data protected? Encryption?
6. How is threat and vulnerability identification implemented?
7. Is the hypervisor certified?
8. What is your personnel security policy?