9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

simplify those answers;
help you pick the right cloud service provider, and
even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Check our similar posts

Job & Staff Scheduling with FieldElite Mobile Service Management Software

Field Service Management (FSM) software systems are designed to enable you to manage your mobile workforce from a central point- and do away with the paperwork involved with the process. They connect your technicians on the ground (via app on their phones), to the staff at the head office- who have an interactive dashboard accessed through their browsers. The office team will have access to all the jobs that are to be handled by the company, simplifying the management process and taking away the risks that come with manual data entry. Here, we will walk you through a quick process of scheduling a job for your personnel with FieldElite.

Say you are a HVAC contractor, licensed, bonded and insured. You’ve made quite a name for yourself in the industry, and have a wide range of clients- in both residential and commercial establishments. Consequently, you also have a large workforce to attend to the different situations- from installing to repair and maintenance. One of your clients- let’s call them ABC Computer Supplies, has an issue with their HVAC unit- perhaps a pipe is leaking. It needs to be fixed, and ABC have booked an appointment.? Your goal here is to get one of your personnel to handle the task as soon as possible, and this field service scheduling software comes in handy.

There are two approaches that you can take:

1. Job Scheduling

From your Dashboard, on the left-hand side you will see the menu option. Clicking on Jobs, will take you to all jobs carried out by your company.

The filters will allow you to view different categories of jobs:

Complaint– This means that there was an issue with on ground during the task delivery, and the client lodged a complaint.
On hold– Here, different aspects can cause a job to be paused- like when spare parts or equipment required for repair jobs have been ordered, and one needs to wait for them to be shipped in from a different location.
Pending– This is basically your in-tray, a list of jobs that are to be carried out.
In Progress– The technicians are on the ground, attending to the client’s needs, and you’re getting routine updates from them.
Incomplete– Though the job had been assigned to the required technician, it was not completed in the set amount of time, thus requiring an additional visit to the site. Given that the FSM solution increases the first-time fix rate, cases of ?incomplete tasks? are reduced.
Complete– The task is successfully done and the customer has appended their e-signature, and now it can be invoiced.
Cancelled Invoice– The head office determines that a particular invoice shouldn’t be paid, and thus cancels it.

Our focus here is the pending tasks, so use this filter. ABC’s HVAC job will be among these. Clicking on its Job ID will open up the details of the task, with such an Update Job window:

This section contains all the information of the job- both past and present, which you can update in real-time. Any changes will be recorded by the system and can be viewed on the “Audit” tab.

As you can see here, the HVAC repair job is both “pending” and “urgent”. No one really likes sitting in an office that feels like an oven. Being the headquarters, it’s likely handles lots of foot traffic, and the damaged HVAC unit will make the working conditions really difficult. It’s best not to keep the client waiting, right?

So, head on over to the Supervisor and Workers section (on the same “Details” tab), and select the personnel suited for the task.

Set the time that the task will take for your technician, and once satisfied with the details of the job, click on Update. Voila! You’re done.

Immediately this happens, the worker received a notification on their app, telling them that they have been assigned the job.

From the app, the technician will be able to view the specifics of the HVAC job, including notes and attachments that you can add directly from your own dashboard, such as schematics of the building and reports from other technicians who installed the air conditioning system for the facility. You also get to add products that will be required for the task- like the pipe and panel mounted socket shown here. As the system also includes an inventory of the products used, their quantity and costs, you will be able to keep an accurate record of the supplies as they as are used.

As such, the field workers will not have to keep coming back to the central office to get documents and reports of new tasks, or walk around with bulky files. When they are carrying out the job, they will also be able to keep the staff at the office updated about its progress, through the chat feature on the mobile app, taking photos and adding notes as required.

2. Staff Scheduling

With this approach, the perspective is basically: ?So I have a couple of jobs- which of my employees has time to handle them?? The FSM allows you to optimise your productivity- by ensuring that you get the most out of the staff work hours, and avoid cases of jobs going into overtime.

Follow these steps:

Select ?Scheduler? from the left-hand side of the window. You will have a view of the workers of your company and how their day is planned out, and a summary of the unassigned jobs.

Here, you can tell whose busy, and who can have a new task assigned to them at the click of a button- which is far more effective than keeping on jotting down points in your diary or going through files of documents.

If the job has yet to be added to the system- like for the cases of new clients, simply click on the ?Add Job? button and key in its details.

2. Scroll down, you will see a list of unassigned jobs.

3. Next, click on the edit button under ?Actions?. This will take you to the same ?Update Job? window described in the first approach, in order to assign the preferred worker to the role.

This real-time dispatching avoids cases of your desk getting cluttered with paper sheets, and prevents duplicate entries as each job has its own ID and task details- from the scheduling to the invoicing. In this case, your HVAC technician will have access to the information needed right at the palm of their hand, to ensure that the task at ABC?s head office goes seamlessly. The optimised schedule will enable the task to be carried out faster- restoring normalcy to your client’s facility.? In case the client’s location is on the route that one of your technicians takes while heading home, you can take advantage of this by giving them the task towards the end of their working day- thus clearing more of your backlog, sorting out your client, and easing your technician?s worries about getting home late.

As you can see, the field service scheduling software enables you to easily and efficiently handle your workflow, avoid the mess that is associated with manual documentation and cases of your employees getting conflicting schedules and overlaps- which would strain them and dampen their morale. Streamlining your workflow and standardising operations ultimately results in increased customer satisfaction.

Uncover hidden opportunities with energy data analytics

What springs to mind when you hear the words energy data analytics? To me, I feel like energy data analytics is not my thing. Energy data analytics, however, is of great importance to any organisation or business that wants to run more efficiently, reduce costs, and increase productivity. Energy efficiency is one of the best ways to accomplish these goals.

Energy efficiency is not about investment in expensive equipment and internal reorganization. Enormous energy saving opportunities is hidden in already existing energy data. Given that nowadays, energy data can be recorded from almost any device, a lot of data is captured regularly and therefore a lot of data is readily available.

Organisations can use this data to convert their buildings’ operations from being a cost centre to a revenue centre through reduction of energy-related spending which has a significant impact on the profitability of many businesses. All this is possible through analysis and interpretation of data to predict future events with greater accuracy. Energy data analytics therefore is about using very detailed data for further analysis, and is as a consequence, a crucial aspect of any data-driven energy management plan.

The application of Data and IT could drive significant cost savings in company-owned buildings and vehicle fleets. Virtual energy audits can be performed by combining energy meter data with other basic data about a building e.g. location, to analyse and identify potential energy savings opportunities. Investment in energy dashboards can further enable companies to have an ongoing look at where energy is being consumed in their buildings, and thus predict ways to reduce usage, not to mention that energy data analytics unlock savings opportunities and help companies to understand their everyday practices and operating requirements in a much more comprehensive manner.

Using energy data analytics can enable an organisation to: determine discrepancies between baseline and actual energy data; benchmark and compare previous performance with actual energy usage. Energy data analytics also help businesses and organisations determine whether or not their Building Management System (BMS) is operating efficiently and hitting the targeted energy usage goals. They can then use this data to investigate areas for improvement or energy efficient upgrades. When energy data analytics are closely monitored, companies tend to operate more efficiently and with better control over relevant BMS data.

ESOS Guide for UK Manufacturers Available

The Engineering Employers’ Federation (EEF) is the UK’s largest sectoral structure. Its goal is to promote the interests of manufacturing, engineering and technology-based businesses in order to enhance their competitiveness.

EEF has positioned itself in London and Brussels in order to be in a position to lobby at EU and Westminster level. Part of its role is helping its members adapt to change and capitalise on it. When it discovered that a third of UK manufacturers must comply with ESOS (and 49% had not even heard of it) EEF decided it was time to publish a handbook for its members.

According to EEF’s head of climate and environment policy Gareth Stace, For the many manufacturers that have already taken significant steps to improve energy efficiency, ESOS can be viewed as a ?stock taking exercise?, ensuring that momentum is maintained and new measures are highlighted and taken when possible?.

He goes on to add that others that have not begun the process should view it as an ‘impetus’ to go head down and find the most cost-effective ways to slash energy costs. Ecovaro adds that they would also have the opportunity to reduce carbon emissions almost as a by-product.

Firms with more than 250 employees, over 250 million revenue or both must comply with ESOS across all UK sectors. In simplest terms, they must have conducted an energy audit by 5th December 2015, and logged their energy saving plan with the Environmental Agency that is Britain?s sustainability watchdog.

The Department of Energy & Climate Change (DEEC) that oversees it believes that large UK businesses are wasting ?2.8 billion a year on electricity they do not need. Clearly it makes sense to focus on larger targets; however EcoVaro believes those halfway to the threshold should voluntarily comply if cutting their energy bills by 25% sounds appealing.

We are able to assist with interpreting their energy audits. These are often a matter of installing sub-meters at distribution points, and reading these for a few representative months to establish a trend. Meters are inexpensive compared to electricity costs, and maintenance teams can install them during maintenance shutdowns.

Ecovaro helps these firms process the data into manageable summaries using cloud-based technology. This is on a pay-when-used basis, and hence considerably cheaper than acquiring the software, or appointing a consultant.