1). the security controls the cloud provider implements for data storage and transmission.
2). the type of firewall
3). security breach notification– The balance here is to obtain prompt notification and at the
same time have an assurance there is an ongoing
reporting obligation on the part of the vendor
4). what happens to the data when the contract is terminated:
The cloud provider must be obligated to return or destroy data as directed by the
customer and the contract should have a timeframe for accomplishing that.
I hope this would help.
Identity and Access Management, Adherence to various standards, Encryption techniques