9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

How Mid-South Metallurgical cut Energy Use by 22%

Mid-South in Murfreesboro, Tennessee operates a high-energy plant providing precision heat treatments for high-speed tools – and also metal annealing and straightening services. This was a great business to be in before the energy crisis struck. That was about the same time the 2009 recession arrived. In no time at all the market was down 30%.

Investors had a pile of capital sunk into Mid-South?s three facilities spread across 21,000 square feet (2,000 square meters) of enclosed space. Within them, a number of twenty-five horsepower compressors plus a variety of electric, vacuum and atmospheric furnaces pumped out heat 27/7, 52 weeks a year. After the company called in the U.S. Department of Energy for assistance, several possibilities presented.

Insulate the Barium Chloride Salt Baths

The barium chloride salt baths used in the heat treatment process and operating at 1600?F (870?C) were a natural choice, since they could not be cooled below 1200?F (650?C) when out of use without hardening the barium chloride and clogging up the system. The amount of energy taken to prevent this came down considerably after they covered and insulated them. The recurring annual electricity saving was $53,000.

Manage Electrical Demand & Power

The utility delivers 480 volts of power to the three plants that between them consume between 825- and 875-kilowatt hours depending on the season. Prior to the energy crisis Mid-South Metallurgical regarded this level of consumption as a given. Following on the Department of Energy survey the company replaced the laminar flow burner tips with cyclonic burner ones, and implemented a number of other modifications to enhance thermal efficiency further. The overall natural gas reduction was 20%.

Implement Large Scale Site Lighting Upgrade

The 24/7 nature of the business makes lighting costs a significant factor. Prior to the energy upgrade this came from 44 older-type 400-watt metal halide fixtures. By replacing these with 88 x 8-foot (2.5 meter) fluorescent fittings Mid-South lowered maintenance and operating costs by 52%

The Mid-South Metallurgical Trophy Cabinet

These three improvements cut energy use by 22%, reduced peak electrical demand by 21% and brought total energy costs down 18%. Mid-South continues to monitor energy consumption at each strategic point, as it continues to seek out even greater energy efficiency in conjunction with its people.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Key Steps to Complying with ESOS

Energy Savings Opportunity Scheme has already been launched. In fact, it is by now in its initial phase. However, many businesses are still not aware of the new scheme, especially those who are covered by the qualifications for ESOS. To help them understand what they need to do in compliance to the energy efficiency strategy, here are key steps they can follow along the way.

Measure Overall Energy Consumption

The first step to complying with ESOS is to make an initial estimate of the business? energy consumption. This includes measuring the use of electricity, renewable energy, combustible fuels and all other forms of energy consumed whether in buildings, transports and industrial processes.

Three important factors to consider are the measurement units used, the reference period and quality of data. Energy units, such as MWh and GJ, or energy expenditure costs should be applied. Business enterprises should also do the initial measurement within a reference period of 12 months. Moreover, data collected should be verifiable at hand.

Identify Areas of Significant Energy Consumption

When the total energy consumption for all the activities and assets has already been estimated, it’s then time to identify what areas in the organisation comprise the significant portion of the overall energy usage. The areas recognised should cover at least 90% of the overall consumption. Meaning to say, ESOS participants have the chance to omit 10% of the energy consumption and instead focus on the 90%. This would ensure that subsequent energy audits will be cost-effective and proportionate.

Consider and Choose Compliance Routes

In order to comply with ESOS, qualified businesses should consider what compliance routes to take. These routes include taking series of energy audits, operating and implementing a certified ISO 50001 energy management system, acquiring Display Energy Certificates (DECs) and working with Green Deal assessments. Whichever route the business takes, one should maintain credible evidences, along with helpful documents, to certify their compliance.

Report the Compliance

Except when the large enterprise covers all the significant areas of energy consumption by means of ISO 50001 certification, one should appoint a lead assessor to supervise, conduct and review the organisation’s chosen ESOS compliance route. In this case, the approved assessments should then be signed off at board level to ensure that the conclusions and recommendations for energy savings are properly carried. To confirm their compliance, the business should submit a formal notification to the Environment Agency.

Because ESOS is not just an opportunity but also an obligation, it designated compliance bodies and gave them the authority to file civil penalties towards those who fail to comply with the scheme. Not only that, these appropriate authorities have the right to publish information about non-compliant enterprises including their name, details of non-compliance and corresponding penalty amount. Among these UK compliance bodies are Natural Resources Wales, Environment Agency in England, The Scottish Environment Protection Agency (SEPA) and Northern Ireland Environment Agency.

So, if you are covered with the ESOS qualifications, make sure to be informed. As the famous saying goes, ?Ignorance of the law excuses no one.? Likewise, awareness of ESOS is a responsibility every large business in UK should give importance to.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Introduction to Matrix Management

A leader is responsible to empower his people and get the best out of them. Yet an organisational structure can either help or hamper performance. Worst, it can make or break success.

Looking at the fast-changing world of the global economy, whatsoever slows up and obstructs decision-making is a challenge. Hierarchical management is rather unattractive and functional silos are unlikable. Instead, employees desire to create teams equipped with flexibility, cooperation and coordination.

Recognising that companies have both vertical and horizontal chains of command, the matrix model is created. The concept of this principle lies in the ability to manage the collaboration of people across various functions and achieve strategic objectives through key projects.

Consider this scenario:

Ian is a sales executive of a company. His role is to sell a new product under the supervision of a product manager. The manager is expert about the product and she is accountable to coordinate the people across the organisation, making sure the product is achieved.

Moreover, Ian also reports to the sales manager who oversees his overall performance, monitors his pay and benefits and guides his personal development.

Complicated it may seem but this set-up is common to companies that seek to maximise the effect of expert product managers, without compromising the function of the staffing overhead in control of the organisation. This is a successful approach to management known as Matrix Management.

Matrix Management Defined

Matrix management is a type of organisational management wherein employees of similar skills are shared for work assignments. Simply stated, it is a structure in which the workforce reports to multiple managers of different roles.

For example, a team of engineers work under the supervision of their department head, which is the engineering manager. However, the same people from the engineering department may be assigned to other projects where they report to the project manager. Thus, while working on a designated project, each engineer has to work under various managers to accomplish the job.

Historical Background

Although some critics say that matrix management was first adopted in the Second World War, its origins can be traced more reliably to the US space programme of the 1960’s when President Kennedy has drawn his vision of putting a man on the moon. In order to accomplish the objective, NASA revolutionised its approach on the project leading to the consequent birth of ?matrix organisation?. This strategic method facilitated the energy, creativity and decision-making to triumph the grand vision.

In the 1970’s, matrix organisation received huge attention as the only new form of organisation in the twentieth century. In fact it was applied by Digital Equipment, Xerox, and Citibank. Despite its initial success, the enthusiasm of corporations with regards to matrix organisation declined in the 1980’s, largely because it was complex.

Furthermore, the drive for motivating people to work creatively and flexibly has only strengthened. And by the 1990’s, the evolution of matrix management geared towards creation and empowerment of virtual teams that focused on customer service and speedy delivery.

Although all forms of matrix has loopholes and flaws, research says that until today, matrix management is still the leading approach used by companies to achieve organisational goals.

Ready to work with Denizon?

Contact Us Today