9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

What Energy Management Software did for CDC

Chrome Deposit Corporation ? that’s CDC for short ? reconditions giant rollers used to finish steel and aluminium sheets in Portage, Indiana by applying grinding, texturing and plating methods. While management was initially surprised when the University of Delaware singled their plant out for energy assessment, this took them on a journey to bring energy consumption down despite being in an expansion phase.

Metal finishing and refinishing is an energy-intensive business where machines mainly do the work while workforces as small as 50 individuals tend them. Environmental impacts also need countering within a challenging environment of burgeoning natural gas and electricity prices.

The Consultant’s Recommendations

The University of Delaware was fortunate that Chrome Deposit Corporation had consistently measured its energy consumption since inception in 1986. This enabled it to pinpoint six strategies as having potential for technological and process improvements.

  • Insulate condensate tanks and pipes
  • Analyse flue gas air-fuel ratios
  • Lower compressed air pressures
  • Install stack dampers on boilers
  • Replace belts with pulleys and cogs
  • Fit covers on plant exhaust fans

CDC implemented only four of the six recommendations. This was because the boiler manufacturer did not recommend stack dampers, and the company was unable to afford certain process automation and controls.

Natural Gas Savings

The project team began by analysing stack gases from boilers used to heat chrome tanks and evaporate wastewater. They found the boilers were burning rich and that several joints in gas lines were leaking. Correcting these issues achieved an instant gas saving of 12% despite increased production.

Reduced Water Consumption

The team established that city water was used to cool the rectifiers. It reduced this by an astonishing 85% by implementing a closed-loop system and adding two chillers. This also helped the water company spend less on chemicals, and energy to drive pumps, purifiers and fans.

Summary of Benefits

Electricity consumption reduced by 18% in real terms, and natural gas by 35%. When these two savings are merged they represent an overall 25% energy saving. These benefits were implemented across the company?s six other plants, resulting in benefits CDC management never dreamed of when the University of Delaware approached them.

ecoVaro offers a similar data analytics service that is available online worldwide. We have helped other companies slash their energy bills with similarly exciting results. We?ll be delighted to share ideas that only data analytics can reveal.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
How the Dodd-Frank Act affects Investment Banking

The regulatory reform known as the Dodd-Frank Act has been hailed as the most revolutionary, comprehensive financial policy implemented in the United States since the years of the Great Depression. Created to protect consumers and investors, the Dodd-Frank Act is made up of a set of regulations and restrictions overseen by a number of specific government departments. As a result of this continuous scrutiny, banks and financial institutions are now subject to more-stringent accountability and full-disclosure transparency in all transactions.

The Dodd-Frank Act was also created to keep checks and balances on mega-giant financial firms that were considered too big to crash or default. This was especially deemed crucial after the collapse of the powerhouse financial institution Lehman Brothers in 2008. The intended result is to bring an end to the recent rash of bailouts that have plagued the U.S. financial system.

Additionally, the Dodd-Frank Act was created to protect consumers from unethical, abusive practices in the financial services industry. In recent years, reports of many of these abuses have centered around unethical lending practices and astronomically-high interest rates from mortgage lenders and banks.

Originally created by Representative Barney Frank, Senator Chris Dodd and Senator Dick Durbin, the Dodd-Frank Wall Street Reform and Consumer Protection Act, as it is officially called, originated as a response to the problems and financial abuses that had been exposed during the nation’s economic recession, which began to worsen in 2008. The bill was signed into law and enacted by President Obama on July 21, 2010.

Although it may seem complicated, the Dodd-Frank Act can be more easily comprehended if broken down to its most essential points, especially the points that most affect investment banking. Here are some of the component acts within the Dodd-Frank Act that directly involve regulation for investment banks and lending institutions:

* Financial Stability Oversight Council (FSOC): The FSOC is a committee of nine member departments, including the Securities and Exchange Commission, the Federal Reserve and the Consumer Financial Protection Bureau. With the Treasury Secretary as chairman, the FSOC determines whether or not a bank is getting too big. If it is, the Federal Reserve can request that a bank increase its reserve requirement, which is made up of funds in reserve that aren’t being used for business or lending costs. The FSOC also has contingencies for banks in case they become insolvent in any way.

? The Volcker Rule: The Volcker Rule bans banks from investing, owning or trading any funds for their own profit. This includes sponsoring hedge funds, maintaining private equity funds, and any other sort of similar trading or investing. As an exception, banks will still be allowed to do trading under certain conditions, such as currency trading to circulate and offset their own foreign currency holdings. The primary purpose of the Volcker Rule is to prohibit banks from trading for their own financial gain, rather than trading for the benefit of their clients. The Volcker Rule also serves to prohibit banks from putting their own capital in high-risk investments, particularly since the government is guaranteeing all of their deposits. For the next two years, the government has given banks a grace period to restructure their own funding system so as to comply with this rule.

? Commodity Futures Trading Commission (CFTC): The CFTC regulates derivative trades and requires them to be made in public. Derivative trades, such as credit default swaps, are regularly transacted among financial institutions, but the new regulation insures that all such trades must now be done under full disclosure.

? Consumer Financial Protection Bureau (CFPB): The CFPB was created to protect customers and consumers from unscrupulous, unethical business practices by banks and other financial institutions. One way the CFPB works is by providing a toll-free hotline for consumers with questions about mortgage loans and other credit and lending issues. The 24- hour hotline also allows consumers to report any problems they have with specific financial services and institutions.

? Whistle-Blowing Provision: As part of its plan to eradicate corrupt insider trading practices, the Dodd-Frank Act has a proviso allowing anyone with information about these types of violations to come forward. Consumers can report these irregularities directly to the government, and may be eligible to receive a financial reward for doing so.

Critics of the Dodd-Frank Act feel that these regulations are too harsh, and speculate that the enactment of these restrictions will only serve to send more business to European investment banks. Nevertheless, there is general agreement that the Dodd-Frank Act became necessary because of the unscrupulous behaviour of the financial institutions themselves. Although these irregular and ultimately unethical practices resulted in the downfall of some institutions, others survived or were bailed out at the government’s expense.

Because of these factors, there was more than the usual bi-partisan support for the Dodd-Frank Act. As a means of checks and balances, the hope is that the new regulations will make the world of investment banking a safer place for the consumer.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
The Child at Work: Fun Team Builds with LEGO SERIOUS PLAY

There is a child just below the surface in all of us. When were kids, adults lopped off the sharp bits that intruded into their ?genteel? society. Schools, to their everlasting shame sanded away our unique free spirits, as they stuck us into uniforms and imposed a daily classroom discipline. We received badges and prizes if we obeyed, and strict sanctions when we did not. This produced a generation of middle-age managers who no longer know how to play.

Life can be so deadly serious ?

Things work pretty much the same in business. Life is deadly serious. If we want to keep our jobs, we must deliver on the bottom line in our departments. There is little time for fun outside the Christmas party, when we may, within the limits of decorum engage in activity for enjoyment and recreation, rather than a serious or practical purpose.

Team builds (and strategic planning sessions) can be deadly boring affairs that proceed down narrow funnels defined by human resource facilitators. No matter how hard HR they may try, the structural hierarchy will remain intact, unless they find a way to set it aside during the program. Injecting fun into the occasion liberates independent thought, and this is why.

? But not for a little child at play

Next time you dine out at a branded family restaurant, select a seat that allows you observe the kiddies? play zone. Notice how inventive children become, when the family hierarchy is not there to tell them what to do (although parents may try from the wrong side of the soundproof glass). The ?serious play? side of fun team-builds aims to liberate managers by releasing their child for the duration. Shall we dig a little deeper into this and discover the dynamics?

Many of us have less than perfect oral communication skills. This is one of the great impediments to modern business meetings. We may not have sufficient time to formulate our thoughts for them to remain relevant when we speak. When we express them, we sense the group?s impatience for us to hurry up, so other members can have their opportunity to contribute.

Sharing better thinking with LEGO? bricks

Most of us feel an urge to click the brightly coloured plastic bricks together that carpenter Ole Kirk Christiansen released into a war-weary world in 1949. The basic kit is a great leveller because the blocks are all the same, and the discriminators are the colours and the power of our imagination. Watching a free-form LEGO builder in action is equally fascinating, as we wonder ?what they will do next? and ?what is happening in their mind.?

Examples of LEGO Serious PLAY in action

Instead of asking team members to describe themselves in a minute, a LEGO? SERIOUS PLAY? facilitator may gather them around a table piled high with LEGO bricks instead, and ask them to each build a model of themselves. The atmosphere is informal with interaction and banter encouraged. It is still serious play though, as team members get to know each other, and their own personalities better

The system is equally effective in strategic sessions, where the facilitator provides specially selected building blocks for the team to experiment with as they learn to listen, and share. This enables them to deconstruct a problem into its component parts, and share solutions regardless of seniority, culture, and communication skills.

Creating problem- and solution-landscapes three dimensionally this way, enables open conversations that keep the focus on the problem. Participants at these team builds do not only reach effective consensus faster. They are also busy building better communication skills as they do.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today