9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Outsourcing

Are you ready to outsource? Do you even need to outsource? We’ll help you answer those and other questions regarding outsourcing and your company.

Once we’ve determined that outsourcing will render your organisation more focused on your core competencies, more cost-effective, and more flexible, we’ll offer you the full spectrum of our services. Our specialists can assist you in every stage of the entire outsourcing life-cycle.

Starting from evaluating what can be outsourced, through finding the right outsourcing service provider, building the contract and agreements, getting everything in place, and managing the outsourcing relationship – we’ll be with you every step of the way.

Learn more about some of the outsourcing services we offer:

Outsourcing Contracts and Agreements

When an outsourcing project fails, both customer and service provider are quick to put the blame on the other party. But in most cases, the actual culprit was really just sitting there since day one – a poorly planned and implemented agreement.

We understand how costly and disruptive a failed outsourcing project can be for your business. That is why we put utmost attention to each contract and SLA (Service Level Agreement) that our customers enter into. This always reduces the likelihood of having unmet expectations, one of the major reasons why some outsourcing relationships fail.

We make sure that each agreement is fair, not only for our customers but also for the service providers themselves. Why? Because a disadvantaged provider will most likely end up delivering poor service as an offshoot of efforts to improve its profitability and ROI.

To accomplish this, we’ll thoroughly assess the infrastructure, resources, and expertise of your potential service provider to ensure they have the capability to meet your expectations. We’ll also make sure that their expectations are realistic and clear to you as well.

Here’s what you can expect from us when we start managing your outsourcing contracts and agreements:

  • A thorough assessment of your specific needs and the service provider’s profile to determine whether you have the right match before proceeding with any agreement.
  • Professional assistance when the time comes for you to discuss the scope of work, expected service levels, and when negotiating for appropriate pricing. We’ll also help you set up provisions for possible changes in the scope later on.
  • Expert counsel during drafting and finalisation of the contract and Service Level Agreements. Whenever applicable, we’ll help you propose penalties whenever service levels are not met and rewards when they are exceeded.
  • Regular reviews to determine whether everything agreed upon in the past, like pricing and service levels, are still realistic or competitive enough in view of current technological advancements and the prevailing social and economic environment.
  • Mediation expertise whenever the outsourcing project appears to be falling apart. We’ll work with you and the service provider to resolve conflicts and avoid the expensive exercise of having to terminate the contract. But if the best solution is to part ways, we’ll make sure you make an exit with the least disruption, missed opportunities and financial loss.

Application Outsourcing

I’m sure you’ve come to realise that to gain competitive advantage these days, you really need to invest in IT applications.

There are applications for enhancing your customer relationships, speeding up production, streamlining processes, advancing collaboration, protecting your systems from malware and many more. Selecting the right application, testing it, implementing it into your system, and then managing it can deviate resources which would have otherwise been used in other areas to build business value, increase profits, and enhance innovation.

Wouldn’t it be nice to unload yourself of the management processes which usually accompany IT applications? Actually, you can – through application outsourcing. Application outsourcing providers possess the expertise to either partially or fully assume responsibility of your IT applications.

Our job is to see to it that you link up with the provider who can best answer your needs. The overall proficiency of these providers spans both proprietary and opensource solutions, allowing them to cater to a wide range of preferences and budgetary limits. At the very least, they can provide professional support for well established applications.

If needed, they can develop applications for your organisation, taking charge of every step in the system development life-cycle: starting from system initiation, requirements analysis, through design, construction, acceptance and eventually to implementation.

Here are some of the benefits you can enjoy once we start managing your application outsourcing initiatives:

  • Freedom from time-consuming tasks such as installations, upgrades, configurations and repairs.
  • Reduced total cost of ownership (TCO).
  • 24/7 support from well-trained personnel. This can substantially cut downtimes caused by inexperienced troubleshooting.
  • The option to have your applications housed in more secure and reliable environments with much higher availability and much lower planned/unplanned downtimes.
  • Dedicated specialists who can focus on providing better regulatory compliance and risk mitigation initiatives.

Infrastructure Outsourcing

Keeping up with the competition nowadays usually requires technological advancements as well as the capability to manage and maintain the infrastructure that has to support them. These undertakings can suck your resources dry.

If you’re looking to reduce costs even while improving the performance of your networks, servers, databases, firewalls, desktops and mobile devices, you might want to consider IT infrastructure outsourcing among your top options. Infrastructure outsourcing service providers have the resources dedicated to a stable, secure, scalable and always available IT infrastructure.

Typical service provider facilities include data centrers equipped with high-speed networks, reliable power, dependable security, as well as provisions for upgrades, consolidation, disaster recovery, or even business continuity.

These providers employ specialists and staff who can manage and maintain all of these for you. While your provider juggles your core IT-related tasks, you can keep your eye on the ball and refocus on your company’s business goals.

Here are some of the benefits you can enjoy out of infrastructure outsourcing:

  • Freedom from time-consuming tasks such as installations, upgrades, configurations and repairs.
  • Since service providers, who are expected to have better horizontal and vertical scalability, will deal with the technological intricacies, your company’s strategic development initiatives can proceed unhampered.
  • Greatly reduced electricity expenses as a result of consolidation.
  • Easier, faster, cheaper, and more reliable disaster-recovery solutions through virtualisation.
  • Lesser risks of disruptions caused by power outages, cyber attacks, or Internet connection downtimes.

Business Process Outsourcing

With the sheer number of business processes your company has to attend to, it wouldn’t be surprising if you rarely have room to innovate.

Through business process outsourcing, we can free a considerable part of your financial and manpower resources which are currently focused on routine activities. With more resources to drive innovative initiatives, you’ll be able to accelerate production, improve customer service, enhance overall business value, and arrive at a stronger bottom line.

Some of the business processes that may be outsourced include data entry, finance and accounting, form processing, procurement, and HR, among others. If you’re interested in finding answers to the what, how, who, and where of BPO, specific to your organisation, we’ll be happy to enlighten you.

Here are some of the benefits you can enjoy once we start managing your BPO initiatives:

  • Professional guidance to ensure that your BPO undertakings will really result in substantial savings and significant improvements to your organisation’s business value.
  • Careful monitoring of service levels to ensure faster turnaround, accurate data, and high quality outputs.
  • Expert evaluation of information handling processes to guarantee full confidentiality.
  • Professional and unbiased management dedicated to establishing a strong, reliable, and fruitful relationship between you and your provider.
Systems Integration as a means to cost reduction

System integration in an organisation refers to a process whereby two or more separate systems are brought together for the purpose of pooling the value in the separate systems into one main system. A key component of process consolidation within any organisation is the utilisation of IT as a means to achieve this end. As such, system integration as a means to cost reduction offers organisations the opportunity to adopt and implement lean principles with the attendant benefits. The implementation of lean techniques requires an adherence to stated methods to facilitate the elimination of wastage in the production of goods and services. In summary, the lean philosophy seeks to optimise the speed of good and service production, through the elimination of waste.

While analysing some of the traditional sources of waste in organisational activities, things like overproduction, inventory, underutilised ideas, transmission of information and ideas, transportation of people and material, time wastage and over-processing stand out. The fact is that companies can eliminate a significant portion of waste through the utilisation of IT to consolidate processes within their organisation.

Adopting lean principles calls for the identification of all of the steps in the company value stream for each product family for the purpose of the eliminating the steps that do not create any value. In other words, this step calls for the elimination of redundant steps in the process flow. This is exactly what the utilisation of IT to consolidate processes offers a company. For instance, the adoption of a central cloud system across a large organisation with several facilities could increase efficiencies in that company. Such a company would drastically reduce the redundancies that used to exist in the different facilities, eliminate the instances of hardware and software purchase, maintenance and upgrade, modernise quality assurances processes and identify further opportunities for improvement.

Perhaps, from the company’s point of view, and from the perspective of lean process implementation, the most important factor is?the effect it has?on the bottom line.’reducing the number of hardware, eliminating the need for maintaining and upgrading hardware, removing the necessity for software purchase and upgrade across facilities also contributes to a significant reduction in operational costs.?This reduction in the cost of operations leads to a corresponding increase in the profit margin of the company.

Applying system integration as a means to cost reduction can also lead to the reduction in the number of people needed to operate the previous systems that have been integrated into one primary unit. Usually, companies must hire people with specialised knowledge to operate and maintain the various systems. Such employees must also receive special training and frequent ongoing education to constantly stay informed of the latest trends in process management. With the integration of the system, the number of people needed to maintain the central system will be significantly reduced, also improving the security of information and other company trade secrets.

Based on an analysis of the specific needs that exist in a particular company environment, a system integration method that is peculiar to the needs of that organisation will be worked out. Some companies may find it more cost-effective to use the services of independent cloud service providers. Others with more resources and facilities may decide to set up their own cloud service systems. Often, private cloud service system capabilities far exceed the requirements of the initiating company, meaning that they could decide to “sell” the extra “space” on their cloud network to other interested parties.

A company that fully applies the lean principles towards the integration of its systems will be able to take on additional tasks as a result of the system consolidation. This leads to an increase in performance, and more efficiency due to the seamless syncing of information in a timely and uniform manner.

Companies have to combine a top-down and a bottom-up approach towards their system integration methods. A top-down approach simply utilises the overall system structure that is already in place as a starting point, or as a foundation. The bottom-up approach seeks to design new systems for integration into the system. Other methods of system integration include the vertical, star and horizontal integration methods. In the horizontal method, a specified subsystem is used as an interface for communication between other subsystems. For the star system integration method, the subsystems are connected to the system in a manner that resembles the depiction of a star; hence, the name. Vertical integration refers to the method of the integration of subsystems based on an analysis of their functionality.

The key to successful system integration for the purpose of cost reduction is to take a manual approach towards identifying the various applicable lean principles, with respect to the system integration process. For instance, when value has been specified, it becomes easier to identify value streams. The other process of removing unnecessary or redundant steps will be easier to follow when the whole project is viewed from the whole, rather than’the part. Creating an integrated system needs some?patience?in order to work out kinks and achieve the desired perfect value that creates no waste.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

  • Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
  • Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
  • All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
  • VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

  • Access to company information when the phone ends up in the hands of anyone other than the authorised user.
  • Being billed for phone usage due to virus activity
  • Unauthorised phone activity monitoring through spyware
  • Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

Ready to work with Denizon?