9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Why Executives Fail & How to Avoid It

The ?Peter Principle? concerning why managers fail derives from a broader theory that anything that works under progressively more demanding circumstances will eventually reach its breaking point and fail. The Spanish philosopher Jos? Ortega y Gasset, who was decidedly anti-establishment added, “All public employees should be demoted to their immediately lower level, as they have been promoted until turning incompetent”.

The Peter Principle is an observation, not a panacea for avoiding it. In his book The Peter Principle Laurence J. Peter observes, “In a hierarchy every employee tends to rise to his level of incompetence … in time every post tends to be occupied by an employee who is incompetent to carry out its duties … Work is accomplished by those employees who have not yet reached their level of incompetence.”

Let’s find out what the drivers are behind a phenomenon that may be costing the economy grievously, what the warning signs are and how to try to avoid getting into the mess in the first place.

Drivers Supporting the Peter Principle

As early as 2009 Eva Rykrsmith made a valuable contribution in her blog 10 Reasons for Executive Failure when she observed that ?derailed executives? often find themselves facing similar problems following promotion to the next level:

The Two Precursors

  • They fail to establish effective relationships with their new peer group. This could be because the new member, the existing group, or both, are unable to adapt to the new arrangement.
  • They fail to build, and lead their own team. This could again be because they or their subordinates are unable to adapt to the new situation. There may be people in the team who thought the promotion was theirs.

The Two Outcomes

  • They are unable to adapt to the transition. They find themselves isolated from support groups that would otherwise have sustained them in their new role. Stress may cause errors of judgement and ineffective collaboration.
  • They fail to meet business objectives,?but blame their mediocre performance on critical touch points in the organization. They are unable to face reality. Either they resign, or they face constructive dismissal.

The Warning Signs of Failure

Eva Rykrsmith suggests a number of indicators that an individual is not coping with their demanding new role. Early signs may include:

  • Lagging energy and enthusiasm as if something deflated their ego
  • No clear vision to give to subordinates, a hands-off management style
  • Poor decision-making due to isolation from their teams? ideas and knowledge
  • A state akin to depression and acceptance of own mediocre performance

How to Avoid a ?Peter? in Your Organization

  • Use succession planning to identify and nurture people to fill key leadership roles in the future. Allocate them challenging projects, put them in think tanks with senior employees, find mentors for them, and provide management training early on. When their own manager is away, appoint them in an acting role. Ask for feedback from all concerned. If this is not positive, perhaps you are looking at an exceptional specialist, and not a manager, after all.
  • Consider the future, and not the past when interviewing for a senior management position. Ask about their vision for their part of the organization. How would they go about achieving it? What would the roles be of their subordinates in this? Ask yourself one very simple question; do they look like an executive, or are you thinking of rewarding loyalty.
  • How to Avoid Becoming a ?Peter??Perhaps you are considering an offer of promotion, or applying for an executive job. Becoming a ?Peter? at a senior level is an uncomfortable experience. It has cost the careers of many senior executives dearly. We all have our level of competence where we enjoy performing well. It would be pity to let blind ambition rob us of this, without asking thoughtful questions first. Executives fail when they over-reach themselves, it is not a matter of bad luck.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
2015 ESOS Guidelines Chapter 1 ? Who Qualifies

The base criteria are any UK undertaking that employs more than 250 people and/or has a turnover in excess of ?50 million and/or has a balance sheet total greater than ?43 million. There is little point in attempting to separate off high polluting areas. If one corporate group qualifies for ESOS, then all the others are obligated to take part too. The sterling equivalents of ?38,937,777 and ?33,486,489 were set on 31 December 2014 and apply to the first compliance period.

Representatives of Overseas Entities

UK registered branches of foreign entities are treated as if fully UK owned. They also have to sign up if any overseas corporate element meets the threshold no matter where in the world. The deciding factor is common ownership throughout the ESOS system. ecoVaro appreciates this. We have seen European companies dumping pollution in under-regulated countries for far too long.

Generic Undertakings that Could Comply

The common factor is energy consumption and the organisation’s type of work is irrelevant. The Environmental Agency has provided the following generic checklist of undertakings that could qualify:

Limited Companies Public Companies Trusts
Partnerships Private Equity Companies Limited Liability Partnerships
Unincorporated Associations Not-for-Profit Bodies Universities (Per Funding)

Organisations Close to Thresholds

Organisations that come close to, but do not quite meet the qualification threshold should cast their minds back to previous accounting periods, because ESOS considers current and previous years. The exact wording in the regulations states:

?Where, in any accounting period, an undertaking is a large undertaking (or a small or medium undertaking, as the case may be), it retains that status until it falls within the definition of a small or medium undertaking (or a large undertaking, as the case may be) for two consecutive accounting periods.?

Considering the ?50,000 penalty for not completing an assessment or making a false or misleading statement, it makes good sense for close misses to comply.

Joint Ventures and Participative Undertakings

If one element of a UK group qualifies for ESOS, then the others must follow suit with the highest one carrying responsibility. Franchisees are independent undertakings although they may collectively agree to participate. If trusts receive energy from a third party that must do an ESOS, then so must they. Private equity firms and private finance initiatives receive the same treatment as other enterprises. De-aggregations must be in writing following which separated ESOS accountability applies.

Convert visits to sales to repeat purchases

The moment you start seeing more than a thousand unique visitors in just one day, we won’t be surprised if you’d be grinning ear to ear the entire week. But when weeks turn into months, you’ll then remember why you started off on this venture in the first place … and it wasn’t about just owning an immensely popular website.

People, like you, who’ve chosen to invest in eCommerce were most likely thinking along the lines of great ROI, revenues, and profits. Now that you have thousands of visitors, how would you like to have, say for a start, 1% of them buying the products on your site?

You know more about your own product prices; you do the math. But what might really interest you is that a slight change in that 1% conversion rate can already spell a big difference in your profits. Now imagine bringing that 1% up to at least 10%. That’s possible, but not if you simply rely on guesswork.

We rely on tests applicable to complex multi-variable systems, just like today’s typical eCommerce websites, in determining which combination of copy text, landing page images, form layouts, and background colours generate higher conversion rates.

Here’s how we’ll convert your visitors into buyers:

  • We’ll conduct A/B or even multivariate tests on your eCommerce website, thus eliminating guesswork in determining how to increase those conversion rates.
  • We’ll perform on-site and off-site web analytics to gain a deeper understanding of web usage to aid in our optimisation operations.
  • Through our expertise in copywriting, graphics and web designing, UI designing, and website QA, we can enhance and fine tune your site to give each visitor a uniquely engaging browsing experience.
  • We can also integrate CRM (Customer Relationship Management) systems so that you’ll have the technical advantage to turn one-time buyers into repeat customers.

Ready to work with Denizon?

Contact Us Today