9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

simplify those answers;
help you pick the right cloud service provider, and
even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Check our similar posts

Server Application Solutions – Don’t Let Spreadsheets Hold Your Business Back

The problems and limitations of spreadsheet-based systems are well documented. That’s why we at Denizon have come up with ways to give you freedom from these UDAs (User Developed Applications). With the server application solutions we offer, your IT and financial system can be:

Free from spreadsheet risks;
Equipped with built-in controls that substantially reduce risks to data;
Less prone to fraud;
More suitable for regulatory compliance; and
Designed for an agile business environment;

Totally devoid of spreadsheet risks

By getting rid of spreadsheets, you also get rid of broken links, incomplete range selections, accidental deletion of cells, incorrect copy-pasting and other spreadsheet-related slip-ups.

In their place, we offer a faster but more robust and reliable centralised system. Errors are substantially minimised by built-in controls, while inconsistencies are avoided because changes made by one user are automatically reflected on the data delivered to others.

Built-in business-critical controls

Some solutions are designed to add control features on spreadsheets. We believe that such features can only be truly effective in today?s fast-paced and dynamic business environment if they are already inherent in the design of the IT solution; not something that’s merely added as an afterthought.

For one, while these band-aid solutions may succeed in adding controls, they don’t get rid of the slow, tedious, and time-consuming processes that accompany spreadsheet systems.

Less prone to fraud

Weak controls and the absence of reliable audit trails are two factors that encourage fraudsters to prey on spreadsheet systems.

With our server-based applications solutions, your data is protected by user-based access controls that allow users to see only the information that they’re supposed to see and modify data which they have been granted sufficient access rights to.

Our solutions also produce clear audit trails for painless tracking, viewing and searching of user-entered changes. This will enable you to pinpoint who changed what, as well as where and when the changes were made.

Ready for regulatory compliance and beyond

When better controls are enforced, financial reports become more reliable. That should give your company the edge it needs to easily comply with SOX as well as other regulations and, as a consequence, build stakeholder confidence.

And because our solutions can churn out accurate reports for regulation compliance at shorter turnaround times than spreadsheet systems, you end up saving more man-hours. That should give your team more time to innovate, analyse information and deliver goods or services to your customers faster.

Designed for agility

Let’s face it. Spreadsheets, which used to serve as nifty ad-hoc business tools, are no longer suitable for agile organisations. When faced with the demands of rapidly changing markets and dynamic environments, spreadsheets can instead slow a business down.

Multi-dimensional reports, dashboards, report filters, drill-downs, collaboration and automated reporting, budgeting and forecasting capabilities are needed for gaining insights and making fast critical decisions.

Sad to say, your trusty spreadsheet application is not designed to provide these features. Hence, it’s time to move on to the type of solutions that are.

Our solutions can transform your IT and financial systems and make them better-equipped to meet the demands of today?s rapidly changing economic environment. With features designed for agile businesses, our solutions can help you tackle change with ease.

Automatic consolidation eliminates errors and wasted time caused by tedious copy-pasting of data and linking of cells.

Better collaboration capabilities allows team members to bring their heads together for planning, budgeting and reporting even while on the go.

Mobility support enables users to input data or retrieve information through their wireless mobile devices.

Superior sharing features ensures that everyone is exactly on the same page and viewing real-time information.

Dashboards provide insightful information at-a-glance through KPIs, graphs and various metrics.

Drill-downs enable users to investigate unusual figures and gain a better understanding of the details that contribute to the big picture.

Easy to learn interfaces allow your organisation to cope with fast personnel turnaround or Mergers & Acquisitions.

More Spreadsheet Blogs

Spreadsheet Risks in Banks

Top 10 Disadvantages of Spreadsheets

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

How Internal Auditors can win the War against Spreadsheet Fraud

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

Still looking for a Way to Consolidate Excel Spreadsheets?

Disadvantages of Spreadsheets

Spreadsheet woes – ill equipped for an Agile Business Environment

Spreadsheet Fraud

Spreadsheet Woes – Limited features for easy adoption of a control framework

Spreadsheet woes – Burden in SOX Compliance and other Regulations

Spreadsheet Risk Issues

Server Application Solutions – Don’t let Spreadsheets hold your Business back

Why Spreadsheets can send the pillars of Solvency II crashing down

amazon.co.uk

amazon.com

Field service and improved visibility

A manager is someone who has control over a company. They are given the responsibility of overseeing what the company does and making important decisions. The manager is the most important person in the empire and needs to be in the know at all times. Not what happened a day ago but in real-time and from any place.

Information is necessary for this to happen. It needs to be concise, brief and straightforward. Ideally, access to job status, location information, customer information, notifications and location information should be on the palms of their hands.

To sum it all up, there should be fluid communication among personnel in the field. Information should be accessed easily from one place as it flows to another to maintain steady two-way communication. This is possible with automation meaning that no amount of data will be left unseen or unused because of paperwork that was never handed over or looked into, reducing the chance of misinformation or missing information to a minimum.

Ways improved visibility will help your business through Field Service

Organisations using field services will agree that improved visibility has more business benefits and the real question is what aspect needs improving rather than discussing the benefits.

Real-time visibility

Managers need to be in the know from anywhere at any time. The manager needs information about the company. The need not to be physically present to have an idea of what’s going on. They should know everything at all times, from what was planned for the day to real-time events.

All this information should be easily accessed from one central point and should contain everything about the company and other relevant information.

Extending the back office into the field

This two-way communication is virtually irreplaceable. At any time, the information should flow among technicians in the field and those in the back office. This will help to have a better idea of how to manage the workload and come up with solutions to some work-related issues.

Everyone in the team should be informed and be up to speed about real-time events. Keeping everyone updated improves visibility because they can make updates and decisions based on the kind of information they get.

No more lost paperwork

Managing paper trail can be quite a hassle for organisations. With tons of workload, there can be many delays meaning that some information might be missed or forgotten. People might also choose not to turn up for work for days on end and can affect how much info is processed. Some work can be left undone, and work not invoiced.

When organisations use field service management services, information is fed only once and everything else is done automatically. Say goodbye to lags or relying on last month?s data. Work will move faster because people will have more time to focus on important things rather than chasing an endless paper trail.

Business intelligence

Field service management technology will let you know what is being done in the field and with such an abundance of data, will make sound decisions for the business.

Every decision is hinged on cold facts. Information needs to be easily accessed and filtered into the right categories so that sound business decisions are made from the collected data.

Growing revenue

The abundance of real-time information and improved visibility can determine whether a business will grow or not. Each piece of information can show trends that are critical for any business to improve. Trends show how each sector is doing and sheds more light into specific areas that need a total overhaul. This may include improving customer service, products on retail or hiring more technicians.

Without information, a company is one step closer to going out of business. Every action should be geared to increase the revenue and this starts by making the right choices.

Visibility when working offline

Working offline is an issue that can affect visibility. Sometimes agents will need to work in areas that have little network coverage or are deep down working in tunnels or are around heavy machines and turbines. Field service solutions are built for the mobile environment and for workers who may find themselves in non-connected areas so that they can still use their device while offline. This makes sure that there is no loss of information while working in-field

Time-saving

Certainly, business is constrained to its environments and if the demand changes it should prove to be flexible enough to adjust to changes as they happen. Field service solutions operations like schedule need to update instantly. Once activities start rolling, nothing should create lags in the schedule so that operations flow seamlessly at all time.

Field workers can then make updates and document changes easily on the job site directly on their device by using responsive site menus, drastically saving time while feeding data and complete orders.

Improved customer service

It is not a clich? to say that the customer is always right. With real-time information, both field service and back-office technicians can improve customer relations and satisfaction. With a unified system of sharing information like the ERPs and CRMs, the field officer can know more about specific clients, their history and other data to know more about what should be done in current and future orders. This means that better decisions will be made for each customer.

How improved visibility benefits different parts of the organisation

Improved visibility in all areas of the business makes information more accessible. Here are some of the benefits that various sects of a business can get from improved visibility.

? The business owner
The manager owns the company and can access all information with just a single tap. A lot of data can be used to analyse the health of the venture. This includes revenue, inventory, customer surveys, employee hours, invoices and customer data.
Profitability is increased by putting more emphasis on customer satisfaction and improving the quality of end products and services.

? The service manager
The service manager can see what is going on in the field in real-time, and look into measures that can improve the productivity of staff members in various departments.
And with workflow automation, time-saving is at the maximum because there is less paperwork consequently improving scheduling and job completion rates.

? Service administrator/ dispatcher
For the team in the office, they can assign tasks faster. Scheduling is automatically done and updated in real-time. It eliminates the need for paperwork and leaves more time to be productive on other errands.

? The field technician
Improved visibility for a field worker means that they can do their best in any task. They can share or get critical information about orders and customers. This drastically improves job completion rates and customer satisfaction.

? HR
Live information can be used to track certain orders, the time it takes to complete orders, and the number of staff required in the organisation. Such data can be used in HR to reduce payroll errors and erroneous overtime costs.

? Finance
Field service management software can also benefit the finance team by automation of invoices. A work order can be tracked from start to the end and invoiced immediately to retain faster payments. Relevant data can be used to track revenue and expenditures, and costs.

Real-time visibility gives a company many solutions to manage the workload. In the end, visibility is also useful in increasing revenue and a smooth transition of information for the company.

ISO in Energy management

Every industry has its own set levels of quality that are considered acceptable or desirable. Energy performance like any other field is governed by some set standards. These differ across regions but international standards do exist.

ISO 50001 is the international energy standard applicable to both large and small organisations irrespective of geographical, cultural or social conditions. It outlines the best energy management practices that are considered to be the best by specifying that an organisation must integrate an energy management system and institute an energy policy, objectives, targets, and action plans taking into account legal requirements and information related to significant energy use. The energy standard is applicable to organisations.

What’s the importance of attaining energy certification?

ISO certification in any industry is a demonstration of quality or that a service or product meets the expected service standards. In energy management, ISO certification is a demonstration that an organisation or company has implemented sustainable energy management systems, completed a baseline of energy use and, is committed to continuously improve its energy performance. In addition, ISO certification assists organisations in the following ways:

? Organisations are able to optimise the existing energy-consuming assets

? Offers guidance on bench-marking, measuring, documenting, and reporting energy intensity improvements and their projected impact on reducing GHG emissions

? Creates transparency and facilitates communication on the management of energy resources

? Promotes energy management best practices and reinforces good energy management behaviours

? Assists facilities in evaluating and prioritising the implementation of new energy-efficient technologies

? Provides a framework for promoting energy efficiency throughout the supply chain

? Facilitates energy management improvements in the context of GHG emission reduction projects: The reduction of carbon emissions means therefore an organisation is able to meet government carbon reduction targets by demonstrating environmental credentials. The accruing benefits are many, ranging from increased investor confidence to more tender opportunities

Energy management software plays a vital role in helping organisations comply with energy standards through improved performance across the various functions in an organisation.