Lets explain some of the terms we use
Encryption at Rest
This indicates if when data is stored within the service it is encrypted. Encrypted data cannot be read by someone who obtains it unless they have the encryption key to unlock it.
This indicates if when data is being transmitted (either importing or exporting) it is encrypted. Encrypted data cannot be read by someone who obtains it unless they have the encryption key to unlock it.
Encryption in Transit
Does the service retain or store your data. Depending on the service it may be important that no data is stored, or alternatively it may be a requirement that data is stored for the service to operate effectively.
Retention
Does the service delete or destroy your data (usually after a set period of time). Businesses should consider how long data should be reasonably stored by the service.
Destruction
Are you provided with access/activity logs that can be used to see what actions have been taken by users in the past? This can be vital in the event of a security incident in order to identify if it was caused by an external party or someone within the business (either intentionally or accidentally).
Logging
These are the compliance certifications they hold. Depending on the nature of the business you may be required to deal with suppliers only if they hold particular certifications.
Compliance
The liability position included in the standard terms of use are summarised here. Business should be aware of what they are giving away (indemnities) or agreeing to in the standard terms of agreement.
Liability
Likely Use
The service is intended to be used for this purpose. Businesses should ensure they are only trying to apply the service for its intended use.
Location
This is where the data is stored in the world. Business should ensure they are comfortable with data being stored in this location, otherwise another service may be required instead.
Authentication
What kind of authentication is used to gain access to the service. Join our membership to learn more about the different levels of authentication and why they are relevant.
Role Based Access Controls (RBAC) allow the account holder to establish rules about what level of access different users can have to an account. For example, a business could allow some staff the ability to read content only, whilst allowing other staff the ability to edit also.
RBAC
Two-factor authentication (also known as 2FA) is a method of confirming a user's identity by utilising a combination of two different components. Two-factor authentication is a type of multi-factor authentication.
An example is the withdrawing of money from a cash machine; only the correct combination of a bank card (something that the user possesses) and a PIN (personal identification number, something that the user knows) allows the transaction to be carried out.