Can I ask why you single out those services? I guess you will be using others which will also have a degree of risk. I suppose the risk is about possible compromise of your traffic or intellectual property. It's hard to quantify that but what is the downside ...
I would say it depends on your business need and regulatory requirements. It may also differ for different types of data. This may all be affected by local laws and possibly industry. If you uncover a possible fraud, you may want to dig back several years ...
The answer is D - Review the vendor contract to determine it's DR Capabilities. ------------------------------ Manikanta Sai Tadapaneni Technology Risk Management Associate ------------------------------
An IS auditor discovers that the disaster recovery plan (DRP) for a company does not include a critical application hosted in the cloud. Management's response states that the cloud vendor is responsible for disaster recovery (DR) and DR-related testing. ...