9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Transformation to a process based organisation

Today’s global marketplace rewards nimble organisations that learn and reinvent themselves faster than their competition. Employees at all levels of these organisations see themselves as members of teams responsible for specific business processes, with performance measures tied to the success of the enterprise. As team members, they are “owners” of the process (or processes) to which they are assigned. They are responsible for both the day to day functioning of their process(s), and also for continuously seeking sustainable process improvements.

Transforming a traditionally designed “top down control” enterprise to a process-based organisation built around empowered teams actively engaged in business process re-engineering (BPR) has proven more difficult than many corporate leaders have expected. Poorly planned transformation efforts have resulted in both serious impacts to the bottom line, and even more serious damage to the organisation’s fabric of trust and confidence in leadership.

Tomislav Hernaus, in a publication titled “Generic Process Transformation Model: Transition to Process-based Organisation” has presented an overview of existing approaches to organisational transformation. From the sources reviewed, Heraus has synthesised a set of steps that collectively represent a framework for planning a successful organisational change effort. Key elements identified by Hernaus include:

Strategic Analysis:

The essential first step in any transformation effort must be development of a clear and practical vision of a future organisation that will be able to profitably compete under anticipated market conditions. That vision must be expected to flex and adjust as understanding of future market conditions change, but it must always be stated in terms that all organisational members can understand.

Identifying Core Business Processes:

With the strategic vision for the organisation in mind, the next step is to define the core business processes necessary for the future organisation to function. These processes may exist across the legacy organisation’s organisational structures.

Designing around Core Processes:

The next step is development of a schematic representation of the “end state” company, organised around the Core Business Processes defined in the previous step.

Transitional Organisational Forms/ Developing Support Systems:

In his transformation model, Hernaus recognises that information management systems designed for the legacy organisation may not be able to meet the needs of the process management teams in the new organisation. Interim management structures (that can function with currently available IT system outputs) may be required to allow IT professionals time to redesign the organisation’s information management system to be flexible enough to meet changing team needs.

Creating Awareness, Understanding, and Acceptance of the Process-based Organisation:

Starting immediately after the completion of the Strategic Analysis process described above, management must devote sufficient resources to assure that all organisation members, especially key managers, have a full understanding of how a process-based organisation functions. In addition, data based process management skills need to be provided to future process team members. It is not enough to schedule communication and training activities, and check them off the list as they are completed. It is critical that management set behavioural criteria for communication and training efforts that allow objective evaluation of the results of these efforts. Management must commit to continuing essential communication and training efforts until success criteria are achieved. During this effort, it may be determined that some members of the organisation are unlikely to ever accept the new roles they will be required to assume in a process-based organization. Replacement of these individuals should be seen as both an organisational necessity and a kindness to the employees affected.

Implementation of Process Teams:

After the completion of required training AND the completion of required IT system changes, process teams can be formally rolled out in a planned sequence. Providing new teams with part time support by qualified facilitators during the firsts weeks after start-up can pay valuable long term dividends.

Team Skill Development and Continuous Process Improvement:

Providing resources for on-going skill development and for providing timely and meaningful recognition of process team successes are two keys for success in a process-based organisation. Qualified individuals with responsibility for providing training and recognition must be clearly identified and provided with sufficient budgetary resources.

The Hernaus model for transformation to a process based organisation is both well thought out and clear. His paper provides an ample resource of references for further study.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Why Spreadsheets can send the Pillars of Solvency II Crashing Down


Solvency II is now fast approaching and while it may provide added protection to policy holders, its impact on the insurance industry is not all a bed of roses. Expect insurance companies to restructure, increase manpower, and raise spending on actuarial operations and risk management initiatives. Those that cannot, will have to go. But what have spreadsheets got to do with all these?

Well, spreadsheets aren’t really the main casts in this blockbuster of a regulatory exercise but they certainly have a significant supporting role to play. Pillar I of Solvency II, which calls for improved supervision on internal control, risk management, and corporate governance, and Pillar II, which tackles supervisory reporting and public disclosure of financial and other relevant information, both affect systems that have high-reliance on spreadsheets.

A little background about spreadsheets might help.

Who needs an IT solution when you can have spreadsheets?

Everyone in any organisation just love spreadsheets; from the office clerk to the CEO. Because they’re so easy to use (not to mention they’re a staple in office computers), people employ them for processing numbers and as an all-around tool for planning, forecasting, reporting, complex modelling, market data analysis, and so on. They make such tasks faster and easier. Really?

You probably haven’t heard of spreadsheet hell

Unfortunately, spreadsheets do have certain shortcomings. Due to their inherent structure and lack of controls, it is so easy to commit simple errors like an accidental copy paste, an omission of a negative sign, an incorrect data input, or an unintentional deletion. Such shortcomings may seem harmless until your shareholders discover a multi-million discrepancy in your financial report.

And because spreadsheet errors can go undetected for a long time, they are constant targets of fraudsters. In other words, spreadsheets are high risk applications.

Solvency II Impact on Spreadsheet-based Financial and IT Systems

Regulations like Solvency II, are aimed at reducing risks to manageable levels. Basically, Solvency II is a risk-based system wherein a company?s capital requirements will depend on its measured riskiness. If companies want to avoid facing onerous capital requirements, they have to comply.

The three pillars of Solvency II have to be in place. Now, since spreadsheets (also known as User Developed Applications or UDAs) are high-risk applications with weak control features and prone to produce inaccurate reports, companies will have a lot of work to do to establish Pillars II and III.

There are at least 8 articles that impact spreadsheets in the directive. Article 82, for example, which requires firms to ensure a high level of data quality and accuracy, strikes at the very core of spreadsheets? weakness.

A whitepaper by Raymond Panko entitled ?Spreadsheets and Sarbanes-Oxley: Regulations, Risks, and Control Frameworks? mentioned that 94% of audited real world operational spreadsheets that were included in his study were found to have errors and that an average of 5.2% of all cells in the audited spreadsheets had errors.

Furthermore, many articles in the directive call for the enforcement of better documentation. This is one thing that’s very tedious and almost unrealistic to do with spreadsheets because just about anyone uses them. Besides, with different ‘versions? of the same data existing in different workstations throughout the organisation, it would be extremely difficult to keep track of them all.

Because of spreadsheets you now need an IT solution

It is clear that, with the growing number of regulations and the mounting complexity of tasks needed for compliance, spreadsheets no longer belong in this era. What you need is a server-based solution that allows for seamless collaboration, data reliability, data consistency, increased security, automatic consolidation, and all the other features that make regulation compliance more doable.

One important ingredient for achieving Solvency II compliance is sound data risk management. Sad to say, the ubiquitous spreadsheet will only expose your data to more risks.

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

Advert-Book-UK

amazon.co.uk

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
7 Challenges Facing Mobile Field Service ? And Overcoming them with FSM Solutions

Managing a mobile workforce comes with its set of challenges. There are multiple coordination levels, administrative hurdles when distributing tasks amongst your employees, the need to meet your customers? expectations, whilst still operating profitably. Your goal is to rake in more revenue, while striking a balance between the number of employees and the quality of the service being rendered. Under utilisation of the company resources may be misinterpreted to mean that you need more employees- which will affect your bottom line. Repeat visits with older jobs affect the response time for new client appointments. Clients get frustrated when their needs are not met on time. Remember that, for your client, their priority is getting their issue sorted- be it that pipe leak, electrical fault, damaged gas valve, or window installation completed on time. Administrative challenges on your end will simply come off as excuses, costing your brand dearly. The different fields share similar challenges- from utility firms, pest control, installation and repair services such as with plumbers and electricians, those running residential and commercial window cleaning companies, to property managers in charge of different buildings. Here are some of the obstacles faced:

1. Coordinating your team

Running things from the office can get hectic when your technicians are out on ground, and clients are at different locations. From appointments being delayed because the workers met traffic on their way, those calling in sick and requiring you to find replacements on short notice, clients who cancel appointments without notice- they all present a logistical nightmare. There is also the need to have a skill-based task distribution in place. Here, the focus is on getting the right technician for the job, not someone who has simply “dealt with it before as they helped their colleagues on a similar job“. With your firm having different personnel, you want to ensure that you spend the most appropriate technician to your client. This also aids the employees themselves, by increasing their morale as they will be dealing with tasks that they are particularly adept at, score you a high first-time fix rate, and avoid having to do follow up visits to resolve issues that were not properly addressed the first time round. 

Capterra undertook a field service software survey, which showed that 82% of organisations adopting FSM solutions saw an increased rate of first-time fixes, and a 90% rise in actual conversations from quotes.

Capterra

How field service job management software impacts businesses. Source: Capterra

 Follow-ups tend to cost extra with the additional dispatch, and take away your fiend agents from the work that had been scheduled to be handled. Resolving these logistical issues with traditional approaches can be problematic, especially with all the paperwork involved. In fact, let’s delve into that.

2. Mounds of paperwork

Having loads of data streaming in from your field workforce can put one on edge. Organising the documents, creating the spreadsheets and typing away at calculators, sorting the files in cabinets and the stress that comes when a single file appears lost in the heaps of sheets – it creates a bottleneck for your operations.  Manually handling the data at the central office also compromises on the accuracy of the process due to human error, from syntax issues when transferring information, incorrect inputs, to duplicate errors- which is expected to occur with increased frequency due to the tiring nature of the process. Actually, 46% of the respondents surveyed by the Service Council said that paperwork and admin work was the worst part of their day.

The field worker is also affected by the paperwork. From having to come to the office each morning to collect the documents needed for the day, walking with the bulky files from one site to another, perusing through lots of sheets whenever they want mire information about a particular customer or the job description- and the frustration that comes when some documents have been forgotten back at the office- it hampers productivity. Running out of copies of paper will also be unavoidable when your staff are away from the office- and more time will be spent coming back to restock. There are also additional issues like the forms getting soiled or torn, and even the wind blowing them away as your technicians are out in the field.  Dealing with the contracts, collecting signatures for each job that is handled, jotting down notes concerning the particular tasks that they are taking care of- it increases the workload. In fact, this often results in errors in data entry, and jobs being poorly documented.

Fortunately, this doesn’t have to be the case for your firm. Technological advancements have seen solutions being developed to minimise the paperwork involved. These mobile service management software allow the field worker to access all the details of the job via handy apps on their smartphones and tablets- as is the case with FieldElite. Instead of walking around with the documents and files, the information is stored via cloud, and is accessible in real-time. The job documentation- from photos, notes to the customer?s e-signature are all collected through the app, and the information is securely stored and immediately available to the personnel back at the head office. 

Service analytics- where you get to observe product demand, performance of your workforce and analyse your customer base growth through the dashboard reporting modules that come with the FMS software is a key tool for decision makers of the company. You get to optimise your performance without having to resort to adding more work hours, or pushing your employees into overtime. Field service analytics has been shown to increase profitability for leading companies by 18%, going by the ?Get Smart: Business Intelligence and Analytics for Service Organizations? study done by Aberdeen Group.

3. Scheduling conflicts

First, there are multiple jobs that need to be attended to- and disappointing your clients will lead to backlash. Secondly, you have a large team of workers- and you want to optimise on their productivity at an individual level. From an administrative perspective, you are also required to provide proper work structures that incorporate your employees? safety during the jobs being handled- and not to run them like mules, overworking them in a bid to hit your targets. Thirdly, the workers have different individual hours of operations- or they work in shifts. Running all this from a central point, allocating the jobs as needed and managing the different schedules, can be a tall order without the right field service scheduling software.

When your customers book an appointment, they expect that your company will deliver on its mandate, providing the services that they are paying you for as required. On the other hand, as the company, you are relying on your employees to meet those expectations. This means that you should have structures in place to ensure that your field workers stick to their assigned schedules. For this you will need to know their location in real-time, track their performance, and check on their adherence to the set schedules. Working with field service job management software allows you to handle the logistics of every task from one dashboard. By tracking your technicians while they are out in the field, you will be able to allocate orders faster, monitor the incoming customer requests, and manage the task distribution more efficiently. When you have an FSM that allows your workers to coordinate with the head office via mobile app, there will be an increased rate of job completion, and a reduction in overtime. Both your clients and employees get to be happy at the end of the day.

4. Lonely workers

Working in the office has its perks. You are surrounded by your colleagues, and can easily get the attention of anyone in management if needed. However, while out in the field, the workers can feel disconnected from the company structure, left to their devices while still bearing the responsibility of presenting the company in positive light- as they also double up as your brand ambassadors. The loneliness can get to them, with a report by the Service Council showing that isolation was the worst part of the work day for 21% of technicians. The chat feature that comes with the mobile service management software apps is one of the reasons behind their popularity, keeping the employees connected to the rest of the manager at the central office, and even other field employees- which makes them feel as part of one large family.

Safety is also a concern, especially for cases where your field staff will be working in hazardous situations – like conducting repairs on top of radio towers, dealing with gas equipment in concealed spaces. The central office needs to remain in constant communication with the workers, and have the appropriate structures in place to handle emergencies. You don’t want to lose employees because they don’t feel that their safety is a priority to you. A skilled technician is an asset that should be protected- and certainly you wouldn’t want to incur extra funds to hire and train personnel- which will end up being an additional strain to your budget over time. Field service job management software with features that allow your employees to check-in remotely via app will be handy in notifying the head office of their arrival at the job site, and in case of any incident, the field manager can quickly see the employees? last location, and dispatch help to them. 

5. Difficulty in assessing performance metrics

When you have a situation where timesheets are only handed in after the workday- and in some cases at the end of the week, it becomes difficult to assess the level of productivity of your field workers. Are you getting value for your money with the wages that are being paid out? Are there lots of lost work hours due to logistical hitches- or cases where the field worker delay the tasks, or take out sections of their day to attend to matters of personal interest- and still bill you for it? All this translates to poor customer service, with issues ranging from cancelled and rescheduled appointments, unmet targets, disagreements based on the scope of work being handled, to client dissatisfaction for not having their issues addressed in a timely manner- which becomes a hit on your brand.

FSM comes in to enable the field service manager to always be in the loop during the entire process- knowing exactly how long the workers are spending on each particular task, the jobs that are pending, cancelled or rescheduled, in order to constantly review and optimise the planning of the firm?s activities. With software like FieldElite, you even get a birds-eye view, as the work areas are mapped out, that way you will be in a position to direct your field workers on aspects like the best routes to take to avoid traffic gridlocks.

6. The break factor

How do you plan for breaks? Jobs are different, and there will be unexpected issues cropping up regularly. However, the field worker is still entitled to breaks during the working day- such as the all-important lunchtime. The problem arises when there is unextended time on some job sites, and cases of unscheduled breaks being taken. These have a ripple effect, as they will cause delays on other projects that are on queue, and you can also expect customer complaints to be coming in hot and hard. From a management point of view, you want to have the ability to respond to the issues as they arise, and reassign the jobs accordingly. Mobile service management software gives you this power.

7. Customer relationship management

Customers want to be part of the process, staying in the loop with the service appointments that have been scheduled- and understandably so. From the booking process, to following up on the progress of the job- it all factors in. In case there are issues that crop up- like service vehicles being delayed, situations where extra parts need to be ordered, or the session cancelled and scheduled on a different day- being fully transparent with your customers will be a great boost to your brand. Gaining new clients and retaining the current ones requires the firm to maintain a quality customer service.

Negative feedback because of your customers? feeling neglected will be a setback for your business. Integrating the customer relationship management into the field service will go a long way in enhancing their experience. Here, software solutions like FieldElite have also got you covered with a customer self-serve portal, accessible online through their browsers. This has the welcome benefit of reducing the number of calls as they conduct follow-ups, since they will be in a position to track the project right from the comfort of their homes and office desks, thus increasing customer satisfaction.

Ready to work with Denizon?

Contact Us Today