9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

How Sustainable is Suez Environment

French-based Suez Environment works in the water and waste-management environment, with specific reference to water production, treatment, & pollution disposal, and waste treatment, recycling, incineration and site desensitisation. Its more than 65,000 employees distributed worldwide have participated in flagship projects like Renault’s goal of 95% reclamation of vehicle parts, and Lyonnaise des Eaux?s saving of 12 million cubic meters of water in a single year.

Suez Environment claims to have consistently increased the recovery rate of treated waste, decreased direct and indirect greenhouse gas emissions, and made significant inroads into the production of sustainable energy on behalf of its clients. But then surely that’s Suez Environment’s business, and with over 65,000 employees we are entitled to expect this. Given that there have been persistent allegations of privatised water distribution bumping prices up to the detriment of the poor, how effective is Suez Environment at practising what it preaches back home?

GDF Suez is its largest shareholder and includes it under its environmental and societal responsibility umbrella. This makes environmental performance an overarching goal alongside management systems, health and safety, risk and procurement, and ethics. Its environmental ambitions spin out into the following strategies:

  • Understand the interactions between our activities and the environment
  • Open dialogue with stakeholders and foster partnerships with them
  • Set quantitative and qualitative targets at all levels of the organisation
  • Achieve optimum balance between financial and environmental challenges
  • Be proactive; anticipate impacts on the environment and plan for them
  • Increase employee awareness through interactive training and education
  • Be constantly innovative; share successes within the organisation
  • Monitor progress continuously and publish measured results achieved.

These goals direct the Suez Environment management team?s attention towards optimising performance in key areas like greenhouse gases, energy management, renewable energy, biodiversity, responsible water management, pollution prevention and health and safety considerations.

Among numerous other examples, its waste incineration programs convert hazardous and conventional waste into heat used to generate electricity without requiring virgin carbon products. Elsewhere, the same energy warms market-gardening tunnels and work places on winter days.

Suez Environment uses sophisticated energy management software to analyse information that’s transmitted by data logging devices online. ecoVaro provides a similar service in the cloud. ecoVaro adapts to your requirements providing fresh insights to your business.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Successful Engineer Communication With FieldElite

Technological innovations have been on the rise in the recent past. Our news media are awash with new technologies that are being released in almost every industry. From smart buildings to sophisticated gadgets, every industry has a technological invention to flaunt. 

One area in which technology has blossomed is the field service. In the field service management, things have moved a notch higher. Right from communication, document management, monitoring and evaluation, to information storage, nothing remains where it was a couple of years ago. You no longer have to carry clipboards around to do your inspections or pile files in the office. You no longer have to wait for your field service employees to return to the office before you can receive reports. By using a field service management software like FieldElite, you have it all done at a click. 

With FieldElite, you’ve got everything under control right from the comfort of your office. Provided you’re doing what you need to do and posting updates using the app, the rest will fall into place. Your employees will receive updates from you and vice versa. If there is a client who needs attention, they can easily issue a request through the app and the next available field service officer who?s within proximity will pick it up and attend to the customer?s needs. 

Everything is just a click away. Sounds great, right?

FieldElite is a robust field service management software that’s packed with a wide array of tools meant to simplify communication between the office and the field service employees. With FieldElite, you can reach all your engineers at one go. 

Below are a few of the communication features that make FieldElite the software of choice when it comes to field service management.

Simplified Communication

It’s very important to stay in touch with your engineers in the field to monitor the ongoing activities. For this reason, you need to choose a platform that doesn’t complicate the process. You don’t want important information to reach your team late. That would drag your activities.

Fast and effective communication is, therefore, very key in field service. FieldElite has consequently been made to simplify communication in the field service. Its simplicity can be compared to the usual consumer messaging apps. On the back-end, however, there are very many complex procedures executed through refined algorithms meant to process information and generate instant reports for engineers, supervisors, and the rest of the company team members.  

With the FieldElite app, communication is as easy as dropping a message in the team members? inbox. Again, the app?s communication system is centralised and, thus, every communication trail is easily retrievable. You don’t need different apps for messaging, audio and video calling, and document sharing. You have it all in FieldElite. Simply put, FieldElite is an all-in-one field service management tool that ropes in all essential digital modes of communication. 

But what’s the benefit of having all work-related communication in one place? 

With an all-in-one communication platform like FieldElite, you’ll cut down on wasted time and field tech frustration. Again, any urgent information will reach your engineers on time, and none of them will be left out. What’s more? With effective communication, expect the performance of your team to shoot up. 

Consistent Communication

Field technicians, in this case engineers, need to be kept on toes to get the job done. You can only achieve this by communicating with them more often. Therefore, you need a field service management platform that can offer you that. Most field service management software facilitates constant communication with team members in the field. Even so, not all are as good as you expect. So, you’ve got to be a bit more critical when choosing a field service management software for your business. 

A good field service management software is one that enables you to regularly check in with field techs to make sure that they have everything they need. With FieldElite, you can achieve more than this. FieldElite app allows you to communicate with your engineers from time to time through messages, calls, or shared documents. Again, the team gets information at the same time. 

So, how important is regular communication with your business? 

Keeping in touch with your team members in the field helps you build strong relationships with them. Additionally, you can easily spot areas that need improvement that otherwise could have been hidden from your viewpoint. What’s more? Employees feel valued when you check on them from time to time. As a result, this will boost their overall productivity, which contributes positively to the well-being of your business.

So, take your business to another level by making use of FieldElite communication tools to reach out to your engineers at any time.

Two-Way Communication

Communication in field service can only be successful if you can get feedback from your field techs. As such, the field management software should make it easier for your engineers to notify you of anything that needs urgent attention. With the FieldElite app?s communication features, your engineers can give you real-time updates from any device. The app is compatible with any android device, and, therefore, the field techs can use their smart handsets to communicate important information. 

The messaging and calling features are easy to manipulate, and with a little training, anyone can use them easily. Again, FieldElite allows you to make group calls or send many messages at the same time. Therefore, in case you?d like to talk to the entire team, you can choose to make a group call or send out bulk messages. 

Real-Time Updates

With FieldElite, you don’t need to wait until you meet your team to communicate any changes. You can notify your team on any work-related changes anytime, and as many times as is necessary. The good thing about FieldElite is that the information reaches all your engineers instantly and at the same time. Provided there?s strong network coverage, you’ll not have to deal with delayed communication. Again, your field techs can always get back to you in case they need clarifications on some matters.

Timely updates are very necessary for field service management. Field techs that get real-time updates tend to be more productive than those who get information late. At least they can make necessary changes on time to avoid wasting time on tasks that aren’t urgent. Therefore, make use of FieldElite communication features to keep your engineers updated.

Would you like to take your business to another level? Well, it’s time to improve communication with your field techs. Get the FieldElite android app for successful communication with your engineers.

Ready to work with Denizon?

Contact Us Today