Elif Levin

background

When looking for a suitable IPM system, I would of course prefer a cloud application these days.

It would have to be fast, easy to use, and easy to understand. From tasks assigned to team members to documents to be uploaded and archived, I would focus on a provider that guarantees a cloud service.

However, I would make sure that the cloud service meets the following minimum technical requirements:

  1. Hardening the system.
  2. Patch management.
  3. 2-factor authentication.
  4. End-to-end encryption with at least AES-256 (standard). It's important that the encryption ends at the physical system where the data is processed, and that no intermediate system (such as a proxy) decrypts the data. Only then can one speak of end-to-end encryption.
  5. Hard drive encryption at the storage location. Never forget that, theoretically, the hard drive could easily be stolen, as not every provider has a high-security facility. In short: The data on the hard drive must be encrypted.
  6. Monitoring and logging in accordance with legal requirements.
  7. High password complexity. What does high mean when we talk about password complexity? We believe that 2 characters are sufficient when used in conjunction with two-factor authentication, but only then.
  8. Role-based access. This is a basic requirement in an enterprise environment, but not necessary for an individual user.
  9. Least privilege principle. Typically a topic in larger corporate environments. For example, the functionality to assign tasks to another user requires that real users can search for other real users. To do this, they need a special right, which would actually contradict the least privilege principle. But still, the least privilege principle is a must.
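
One way to reconcile the user search needed for task assignment with least privilege, shown as an added example that is not from the original article or from any IPM product: the search right is its own narrow permission, scoped to the caller's team and returning only id and display name. Role names, permission strings and the sample directory are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed roles and permissions; all names are assumptions for illustration.
ROLE_PERMISSIONS = {
    "member": {"task.read_own"},
    "assigner": {"task.read_own", "task.assign", "user.lookup_assignee"},
    "admin": {"task.read_own", "task.assign", "user.lookup_assignee",
              "user.read_profile"},
}

@dataclass(frozen=True)
class User:
    id: int
    name: str
    email: str
    team: str
    role: str

# Constructed sample directory.
DIRECTORY = [
    User(1, "Ada Example", "ada@example.test", "design", "assigner"),
    User(2, "Ben Example", "ben@example.test", "design", "member"),
    User(3, "Cem Example", "cem@example.test", "finance", "member"),
]

def has_permission(user, permission):
    """Deny by default: an unknown role gets an empty permission set."""
    return permission in ROLE_PERMISSIONS.get(user.role, set())

def lookup_assignees(caller, query):
    """Search users for task assignment without granting directory read.

    Results are limited to the caller's team and expose only id and name,
    never email or role.
    """
    if not has_permission(caller, "user.lookup_assignee"):
        raise PermissionError("user.lookup_assignee required")
    q = query.strip().lower()
    if len(q) < 3:  # refuse very short queries that would enumerate the team
        return []
    return [
        {"id": u.id, "name": u.name}
        for u in DIRECTORY
        if u.team == caller.team and u.id != caller.id and q in u.name.lower()
    ]
```
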