9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

ESOS Facts on a Page

The UK?s ESOS energy saving program stands for ?Energy Savings Opportunity Scheme?. Its purpose is to reduce demand – and hence fossil-based pollution at both ends of the supply chain. It currently applies to large UK companies only. However its guidelines are also valuable input to smaller firms voluntarily going greener.

The program threshold is 250 employees and / or turnover or at least ?UK50 million. This affects approximately 9,000 UK firms, with others below the threshold wondering whether the government plans to lower it. In essence, ESOS requires that qualifying businesses complete comprehensive audits of energy use and opportunities at least every fourth year.

The plan is carrot and stick. Compliant companies will probably uncover significant savings when they stop and measure. They may even unearth carbon credits they can sometime exchange for cash. Reactionary firms who try to duck the issue will feel Her Majesty?s wrath through stiff penalties. In time, they may find it harder to attract investors. If ESOS affects your company, then the wise thing could be complying by the first deadline of 5 December 2015.

To do so, you must conduct an energy audit and report it to the UK Environment Agency. This comprises

  1. Measuring total energy use across processes, transport and facilities
  2. Pie charting 90% of this to identify areas that are energy intensive
  3. Singling out cost-effective energy-saving projects in high use areas
  4. Submitting your report to the Environment Agency ahead of the deadline

ecoVaro recommends affected companies do not leave this to the last minute. While having ISO 50001 may exempt some from ESOS, the regulations are far from straightforward and it will take months to reach complete clarification. We would like to suggest a more balanced approach.

ESOS is a wonderful incentive to save energy costs while contributing to a better future for the kids. The Energy Savings Opportunity Scheme is precisely that. The cost of energy has crept up on us to the extent that we have to do something, government or no government.

Measuring energy consumption is as simple as installing meters at critical points in the flow, and you probably have many of them anyway. Once you have your data you no longer have to crunch the numbers. ecoVaro can do this for you and return the result in the form of handy graphs and spreadsheets.

How Westin Melbourne Hotel Trimmed its Footprint

Becoming sustainable is a three-pronged process. You must save money and push the buttons the government is pressing you to. But there?s a deeper, more urgent issue. If your customers mark you down for not being green enough you are heading for trouble. Let’s see how well this hotel is doing.

The Melbourne flagship of the Westin hotel chain boasts 262 spacious rooms with views of Melbourne Square and surrounding theatres, designer boutiques, galleries and national landmarks. The architects included conference facilities, a wellness centre and sundry bars and restaurants. After climate change arrived to stay, hotel management discovered they had inherited a water and energy-greedy monster. Their solution was to measure what was going through their systems, and then progressively cap the building?s greedy appetite.

The Melbourne Westin Hotel could not have achieved results without these metrics. They began by determining key indicators and measuring them. This provided them with criteria to set achievable, cost effective targets in the following key areas of their business:

  1. Water Management ? Demand-based linen and towel recycling, installation of back-washable water filters, water-saving shower heads, dual-flush toilets.
  2. Waste Management ? Conversion to green products, recycling kitchen oil, moving towards a paperless office, recycling everything possible.
  3. Energy Management ? Energy-efficient light bulbs, standby settings for lights, computers, televisions and air conditioners
  4. Stakeholder Communication ? Staff green-team training, guest education, ongoing employee briefings
  5. Strategic Positioning ? Visible, top-down commitment, optimised carbon offsets from clean, renewable energy sources, clearly stated position in the market

Westin?s Melbourne landmark has made good progress towards becoming the green hotel for others to follow. It has adjusted its environmental policies, increased water and energy awareness and implemented tight waste management.

Consumers are already shopping to make their carbon footsteps lighter. Food stores are on the bandwagon although apparel is lagging. Perhaps it’s time you found out just how your company is shaping up. It’s no longer a matter of ?if carbon taxes?. It’s a matter of ?when it does?.

ecoVaro is a software system-in-the-cloud that lets you enter your water and energy consumption and process it online so you can monitor and manage your usage. In no time at all you could be saving money like Westin Melbourne did. Does that sound like something worth investigating?

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Convert visits to sales to repeat purchases

The moment you start seeing more than a thousand unique visitors in just one day, we won’t be surprised if you’d be grinning ear to ear the entire week. But when weeks turn into months, you’ll then remember why you started off on this venture in the first place … and it wasn’t about just owning an immensely popular website.

People, like you, who’ve chosen to invest in eCommerce were most likely thinking along the lines of great ROI, revenues, and profits. Now that you have thousands of visitors, how would you like to have, say for a start, 1% of them buying the products on your site?

You know more about your own product prices; you do the math. But what might really interest you is that a slight change in that 1% conversion rate can already spell a big difference in your profits. Now imagine bringing that 1% up to at least 10%. That’s possible, but not if you simply rely on guesswork.

We rely on tests applicable to complex multi-variable systems, just like today’s typical eCommerce websites, in determining which combination of copy text, landing page images, form layouts, and background colours generate higher conversion rates.

Here’s how we’ll convert your visitors into buyers:

  • We’ll conduct A/B or even multivariate tests on your eCommerce website, thus eliminating guesswork in determining how to increase those conversion rates.
  • We’ll perform on-site and off-site web analytics to gain a deeper understanding of web usage to aid in our optimisation operations.
  • Through our expertise in copywriting, graphics and web designing, UI designing, and website QA, we can enhance and fine tune your site to give each visitor a uniquely engaging browsing experience.
  • We can also integrate CRM (Customer Relationship Management) systems so that you’ll have the technical advantage to turn one-time buyers into repeat customers.

Ready to work with Denizon?