9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Recognizing Your Carbon Footprint

Countless times we have heard of the term ?carbon footprint?. Perhaps we have seen and heard it on TV or read it in newspapers, magazines and published articles. Indeed, it has been an expression familiar to everyone as it is always associated with climate change, carbon emissions, global warming, pollution and other environmental issues. Carbon footprint is real. It exists and, in fact, continues to affect the world we live in.

Defining Carbon Footprint

Two essential words comprise the term carbon footprint. Fundamentally, ?carbon? means the carbon dioxide circulating in the atmosphere. It is also the general word used for other greenhouse gasses emitted into the air. On the other note, ?footprint? refers to impact or effect.

Think about the footprints people leave on the beach sand upon walking on the shore. That is exactly what carbon footprint is like. It’s about the impact humans leave on the earth in the form of carbon dioxide and other greenhouse gases.

Calculating Your Personal Carbon Footprint

The food we eat, products we use, vehicles we ride on and electricity we consume emit carbon dioxide. In fact, our activities, lifestyle, homes, and countries contribute to climate change. And carbon footprint is the best estimate we can get of the full impact our doings affect the earth. It quantifies the amount of our carbon emission. With this, knowing how to calculate your personal carbon footprint is important.

There are various standards in calculating one?s carbon footprint. There is the so-called ?lifestyle assessment? and the input-output analysis. Lifestyle assessment works by adding up all the feasible emission pathways while the input-output analysis involves determining the total emissions of a particular country, dividing it by the carbon-emitting sectors and estimating the overall emissions of each sector. The input-output analysis makes sure that no emission pathway is missed out.

Calculating your carbon footprint manually is an effective way for you to understand your emissions better. You just need a lot of patience to learn how each footprint is generated. Moreover, there are also several resources online that can help you calculate your carbon footprint. Online carbon calculators are abundant across the web. To make your life simpler, you can opt to try those online calculators and easily determine your carbon emissions. However, such calculators vary in scope. So make sure that the online carbon calculator, you choose, is one that?includes emissions both direct and indirect.

Avoiding Toe Prints

A toe print is a portion of a footprint. Sometimes, people are misled in their calculations because they only get a carbon toe print instead of a footprint. The idea is that, you should cover a smart scope of your carbon emissions. Not only measuring a portion, but the whole.

Say for example, running a conventional car. The carbon emitted from the car is not only the fuel combustion from the diesel or petrol.? Likewise, the carbon released as the gas was processed and transported to your nearby gasoline station is also an addition to your carbon footprint. If you do not understand this, you will end up calculating your direct emissions while neglecting the indirect ones.

Be wise in calculating your carbon footprint. And when in doubt, whether you are an individual or a business entity, you should seek help from experts who can do it right.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
8 Reasons why you Need to Undertake Technical and Application Assessments

Are your information assets enabling you to operate more cost-effectively or are they just drawing in more risks than you are actually aware of? Obviously, you now need to get a better picture of those assets to see if your IT investments are giving you the benefits you were expecting and to help you identify areas where improvements should be made.

The best way to get the answers to those questions is through technical and application assessments. In this post, we?ll identify 8 good reasons why it is now imperative to undertake such assessments.

1. Address known issues – Perhaps the most common reason that drives companies to undertake a technology/application assessment is to identify the causes of existing issues such as those related to data accessibility, hardware and software scalability, and performance.

2. Cut down liabilities and risks – Unless you know what and where the risks are, there is no way you can implement an appropriate risk mitigation strategy. A technology and application assessment will enable you to thoroughly test and examine your information systems to see where your business-critical areas and points of failure are and subsequently allow you to act on them.

3. Discover emerging risks – Some risks may not yet be as threatening as others. But it would certainly be reassuring to be aware if any exist. That way, you can either nip them in the bud or keep them monitored.

4. Comply with regulations – Regulations like SOX require you to establish adequate internal controls to achieve compliance. Other regulations call for the protection of personally identifiable information. Assessments will help you pinpoint processes that lack controls, identify data that need protection, and areas that don’t meet regulatory requirements. This will enable you to act accordingly and keep your company away from tedious, time-consuming and costly sanctions.

5. Enhance performance – Poor performance is not always caused by an ageing hardware or an overloaded infrastructure. Sometimes, the culprits are: unsuitable configuration settings, inappropriate security policies, or misplaced business logic. A well-executed assessment can provide enough information that would lead to a more cost-effective action plan and help you avoid an expensive but useless purchase.

6. Improve interoperability – Disparate technologies working completely separate from each other may be preventing you from realising the maximum potential of your entire IT ecosystem. If you can examine your IT systems, you may be able to discover ways to make them interoperate and in turn harness untapped capabilities of already existing assets.

7. Ensure alignment of IT with business goals – An important factor in achieving IT governance is the proper alignment of IT with business goals. IT processes need to be assessed regularly to ensure that this alignment continues to exist. If it does not, then necessary adjustments can be made.

8. Provide assurance to customers and investors – Escalating cases of data breaches and identity theft are making customers and investors more conscious with a company?s capability of preserving the confidentiality of sensitive information. By conducting regular assessments, you can show your customers and investors concrete steps for keeping sensitive information confidential.

Enhance and Streamline IT Processes

You can’t be assured of a competitive advantage by just buying the latest technology. Your top competitor can easily match that feat by simply spending as much on the same tools. To be always at least a step ahead, you’ll need to perform tweaks on your IT processes aligned with the strengths of your organisation.

IT solutions are like a pair of sneakers. If they fit perfectly, they’ll help you run the extra mile. If they don’t, you can develop blisters faster than you can reach a single mile.

In all our efforts to enhance and streamline your IT processes, we’ll start by looking at all your logistical advantages, limitations, and objectives to determine which technologies suit you best. Once we’ve obtained them, we’ll perform the appropriate customisation to make them perform optimally under the conditions unique to your organisation.

Below are just some of the enhancements we can apply to your organisation:

  • Put up application and systems monitoring to identify bottlenecks and underutilised resources in your IT infrastructure.
  • Propose areas where you can plough back the generated savings to further improve your ROI.
  • Take scalability into consideration when pushing for certain IT investments to ensure that the IT solution will work for your organisation not only today but even as your organisation grows.
  • Introduce mobile-capable enterprise-class IT solutions that allow seamless collaboration between team members working at different locations on the globe so that pressing matters can be resolved and decisions can be arrived at as quickly as possible.
  • Integrate Business Intelligence into your IT system so that massive collections of data can be processed into insightful information which managers can draw on to make intuitive decisions.
  • Introduce avant-garde solutions, like virtualisation and infrastructure sharing, which may require large scale changes but can also significantly reduce operational costs.

Find out how we can increase your efficiency even more:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today