9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

A Definitive List of the Business Benefits of Cloud Computing ? Part 4

Lowers cost of analytics

Big data and business intelligence (BI) have become the bywords in the current global economy. As consumers today browse, buy, communicate, use their gadgets, and interact on social networks, they leave in their trail a whole lot of data that can serve as a goldmine of information organisations can glean from. With such information at the disposal of or easily obtainable by businesses, you can expect that big data solutions will be at the forefront of these organisations’ efforts to create value for the customer and gain advantage over competitors.

Research firm Gartner’s latest survey of CIOs which included 2,300 respondents from 44 countries revealed that the three top priority investments for 2012 to 2015 as rated by the CIOs surveyed are Analytics and Business Intelligence, Mobile Technologies, and Cloud Computing. In addition, Gartner predicts that about $232 million in IT spending until 2016 will be driven by big data. This is a clear indication that the intelligent use of data is going to be a defining factor in most organisations.

Yet while big data offers a lot of growth opportunities for enterprises, there remains a big question on the capability of businesses to leverage on the available data. Do they have the means to deploy the required storage, computing resources, and analytical software needed to capture value from the rapidly increasing torrent of data?

Without the appropriate analytics and BI tools, raw data will remain as it is – a potential source of valuable information but always unutilised. Only when they can take the time, complexity and expense out of processing huge datasets obtained from customers, employees, consumers in general, and sensor-embedded products can businesses hope to fully harness the power of information.

So where does the cloud fit into all these?

Access to analytics and BI solutions have all too often been limited to large corporations, and within these organisations, a few business analysts and key executives. But that could quickly become a thing of the past because the cloud can now provide exactly what big data analytics requires – the ability to draw on large amounts of data and massive computing power – at a fraction of the cost and complexity these resources once entailed.

At their end, cloud service providers already deal with the storage, hardware, software, networking and security requirements needed for BI, with the resources available on an on-demand, pay-as-you-go approach. In doing so, they make analytics and access to relevant information simplified, and therefore more ubiquitous in the long run.

As the amount of data continues to grow exponentially on a daily basis, sophisticated analytics will be a priority IT technology across all industries, with organisations scrambling to find impactful insights from big data. Cloud-based services ensure that both small and large companies can benefit from the significantly reduced costs of BI solutions as well as the quick delivery of information, allowing for precise and insightful analytics as close to real time as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Benefits of Integrating IoT and Field Service

Owing to the complexity of its definition, many people loosely use the phrase Internet of Things (IoT) without having a solid grasp of its true meaning. A majority in this category take IoT to be nothing more than the automation of home gadgets, where the internet is used to interconnect computing components embedded in everyday devices.

Granted, the whole idea of IoT got its roots from the home setting. Nevertheless, IoT has outgrown that spectrum and has since penetrated into almost every area of business and industry. By employing IoT, you can literally take full control of everything in your business using a single device. From assigning tasks to monitoring security, managing bills to tracking time, IoT has revolutionized the way business is done.

Interestingly, not so long ago, most technology experts limited their forecasts to machine-to-machine (M2M) integration and Augmented Reality (AR), which also, admittedly, hit the technology industry with an admirable suave. Back then, it could have been laughable for anyone to have suggested that IoT would be so commanding in almost every industry, including real estate, medicine, automobile, and more.

It’s not for nothing, therefore, that the field service industry has also embraced IoT, integrating it in the daily running of business activities, including tracking machine diagnostics, detecting breakdowns, and assigning field engineers to attend to customer needs.

How the Field Service Industry is Benefiting from IoT

Machine uptime has remained an ongoing concern for many customers. In the traditional approach, whenever a machine breaks down, the customer alerts the service provider and then the field service manager checks to see if there is any field engineer available for a new task. Once an engineer has been identified, he?s then dispatched to the site. This worked, but it resulted in an extended machine downtime, a terrible experience for customers.

Thanks to IoT, things are now happening differently.

IoT is now integrating machines to a central communications centre, where all alerts and status updates are sent. The notifications are instant. The field service manager, therefore, gets to learn of the status of machines at the exact time of status change. An engineer who?s not engaged would then be immediately assigned to undertake any needed servicing or repair.

By employing IoT, the service provider receives timely reports relating to diagnostics, machine uptime, part failures, and more. The field manager can, as a result, foretell and forestall any possible downtime.

How has this been helpful?

Before giving a definite answer to that question, it’s crucial to note that more than half of all field service organizations now employ IoT in their Asset Management Systems and Field Service Management. And to answer the question, all the organizations that have the two systems integrated using IoT experience twice as much efficiency as those that don’t, states an Aberdeen Group report. As you already know, improved efficiency results in a corresponding upshot in customer satisfaction.

Apps Making a Difference in IoT-Field Service

The integration of IoT into almost every aspect of business prompted the design and development of different applications to link computing devices. Since the advent of IoT, the software development for the technology has come of age. Powerful and lightweight apps that don simple yet beautiful user interfaces are now readily available at affordable price tags.

A good example of such an App is ecoVaro by Denizon.

ecoVaro not only helps businesses to monitor energy and other relevant environmental data such as Electricity, Gas, Water, Oil, Carbon, Temperature, Humidity, Solar Power, and more, but also provides analytics and comprehensive yet easy to understand reports. The data received from devices such as meters is converted into useful information that’s then presented in figures and graphs, thus allowing you to make decisions based on laid down controls.

The focus of the app is to instantly alert service engineers to go on site to fix issues.

With ecoVaro, field service engineers no longer have to return to the office to get new instructions. Also, customers don’t have to manually fire alerts to the service provider whenever something isn’t working correctly. By employing the latest in IoT, ecoVaro sends notifications to field service managers and engineers about respective customers that need support.

How ecoVaro Helps

Best-in-class companies aren’t ready to compromise on customer satisfaction. Therefore, every available avenue is used to address customer concerns with the deserved agility. By using IoT, ecoVaro makes it possible for field service providers to foresee and foreclose any possible breakdowns.

The inter-connectivity among the devices and the central communications centre results in increased revenue and improved interactivity between the system and the field engineers. This results in greater efficiency and lower downtime, which translates into improved productivity, accountability, and customer satisfaction, as well as creating a platform for a possible expansion of your customer base.

ecoVaro isn’t just about failed machines and fixes. It also provides diagnostics about connected systems and devices. With this, the diagnostics centre receives system reports in a timely manner, allowing for ease of planning and despatch of field officers where necessary.

Clearly, but using the right application, IoT can transform your business into an excellently performing field service company.

UK Government Updates ESOS Guidelines

Britain?s Environment Agency has produced an update to the ESOS guidelines previously published by the Department of Energy and Climate Change. Fortunately for businesses much of it has remained the same. Hence it is only necessary to highlight the changes here.

  1. Participants in joint ventures without a clear majority must assess themselves individually against criteria for participation, and run their own ESOS programs if they comply.
  2. If a party supplying energy to assets held in trust qualifies for ESOS then these assets must be included in its program.
  3. Total energy consumption applies only to assets held on both the 31 December 2014 and 5 December 2015 peg points. This is relevant to the construction industry where sites may exchange hands between the two dates. The definition of ?held? includes borrowed, leased, rented and used.
  4. Energy consumption while travelling by plane or ship is only relevant if either (or both) start and end-points are in the UK. Foreign travel may be voluntarily included at company discretion. The guidelines are silent regarding double counting when travelling to fellow EU states.
  5. The choice of sites to sample is at the discretion of the company and lead assessor. The findings of these audits must be applied across the board, and ?robust explanations? provided in the evidence pack for selection of specific sites. This is a departure from traditional emphasis on random.

The Environment Agency has provided the following checklist of what to keep in the evidence pack

  1. Contact details of participating and responsible undertakings
  2. Details of directors or equivalents who reviewed the assessment
  3. Written confirmation of this by these persons
  4. Contact details of lead assessor and the register they appear on
  5. Written confirmation by the assessor they signed the ESOS off
  6. Calculation of total energy consumption
  7. List of identified areas of significant consumption
  8. Details of audits and methodologies used
  9. Details of energy saving opportunities identified
  10. Details of methods used to address these opportunities / certificates
  11. Contracts covering aggregation or release of group members
  12. If less than twelve months of data used why this was so
  13. Justification for using this lesser time frame
  14. Reasons for including unverifiable data in assessments
  15. Methodology used for arriving at estimates applied
  16. If applicable, why the lead assessor overlooked a consumption profile

Check out: Ecovaro ? energy data analytics specialist 

Ready to work with Denizon?

Contact Us Today