9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

IT Transformation Defined

Businesses depend on IT to effectively manage business processes and to provide products and services to clients. As IT technologies advance, it is crucial that businesses update their hardware to remain competitive. But businesses should do more than simply upgrade their servers and should really strive to effect IT transformation.

What is IT Transformation?

IT transformation is the ongoing process of changing the way that a company uses IT to better align it with current business goals. Through the IT transformation process, businesses try to determine whether they are meeting mission-critical benchmarks through the incorporation of new IT technologies for corporate transformation.

For example, if one of the current business concerns is whether the company can improve customer service, the IT system will need to evolve in such a way that improves customer service in a measurable way.

Successfully Aligning the Technology to Business Goals

In order to successfully align the IT system with business goals, it is important to understand the newly integrated technologies to understand how they can change business processes. If a new feature is intended to make the server more secure, the management should know exactly how the feature will improve the security of the server and whether the new implementation is redundant.

Once the business objectives have been identified, IT transformation is carried out by changing both the software and hardware used by the company. An example would be the growing trend of server migration to the cloud. Cloud computing is the growing trend of making files and data accessible from anywhere. If an organisation believes that it can improve productivity through a server cloud migration, it will need a way to test this.

The IT Transformation Process

Given that IT transformation is directly related to the core business, the IT transformation process must begin by identifying which aspects of the company must be changed. Then, the company must determine?IT services that could potentially be integrated into the business in a way that will help the company achieve benchmarks. After the key decision-makers understand the IT network well enough to effectively implement it, the company must efficiently manage the transformation process. Then, after the IT has been integrated, the company must have a system in place to measure business transformation in a numerical way.

For example, when assessing customer satisfaction, one effective strategy would be to distribute customer satisfaction surveys that ask customers to rate their experiences on a scale of one to ten. The company can then measure the results of the customer satisfaction survey to determine whether the new IT implementations are accomplishing their intended goals.

If the expected benchmarks are not being met, the next step in the IT transformation process is to determine if there is a specific reason for that. Is there a way that the feature can be better integrated to achieve desired business objectives? Are there other features that can help the company better achieve its goals?

Upgrading a network can be an expensive process and it is important to identify early on which options are the most likely to benefit the company’s bottom line.

Energy efficiency- succeed and benefit

Energy is neither created nor destroyed; it is only transformed. This being the law of conservation of energy, and given that the process of transforming energy is inefficient resulting in loss of usable energy in the process of transforming one form of energy into another form, Energy Efficiency finds a home.
Talking of Energy efficiency, think of how much useful energy can be obtained from a system or a particular technology. It is also about the use of technology that requires a lesser amount of energy to carry out the same task.

Energy efficiency is the responsibility of both demand side and supply side. Supply-side energy efficiency refers to a set of actions taken to ensure efficiency through the electricity supply chain. Supply side efficiency measures are about efficiency in electricity generation; be it operation and maintenance of existing equipment or upgrading existing equipment with state-of-the-art energy-efficient generating equipment.

The demand side energy efficiency on the other hand refers to the actions taken to use less/demand less energy. Think of less energy usage in relation to improvement of energy efficiency in buildings, solar water heaters, energy efficient lighting systems such as Compact Fluorescent Lamps, conducting energy audits to identify potential energy saving opportunities, efficient water heating systems and the list is endless.

Success of energy efficiency is a win ? win to YOU-ME-US – the energy consumers, to THEM the energy producers and suppliers and to our precious ENVIRONMENT.
Gain to energy suppliers: – Less energy usage and better energy usage patterns among consumers consequently reduces the customer load which reduces losses on the supply side. Less energy loss creates capacity on the system to serve more customers.

Gain to you-me-us: – Less energy usage and better energy usage patterns Benefits the customer through reduced Electricity bills / $ savings through lower bills.

Benefits to the environment: – Usage of less energy reduces use of fossil fuels, hence reduction in GHG emissions hence conserving our environment. Companies look at means to make rational use of their least efficient generating equipment. The objective is to improve the operation and maintenance of existing equipment or upgrade it with state-of-the-art energy-efficient technologies. Some companies have on-site electricity generation alternatives and thus tend to consider the supply side in addition to demand-side energy efficiency.

Eliminate The Complexities Of Your IT System

There may have been times when you actually spent on the right IT system but didn’t have adequate expertise to instil the appropriate learning curve for your end users. Oftentimes, users find a new system too complicated and end up spending more hours familiarising with intricate processes than is economically acceptable.

There are also applications that are just too inherently sophisticated that, even after the period of familiarisation, a lot of time is still spent managing or even just using them. Therefore, at the end of each day, your administrators and users aren’t able to complete much business-related tasks.

The first scenario can be solved by providing adequate training and tech support. The second might require enhancements or, in extreme cases, an overhaul of the technology itself.

For instance, consider what happens right after the conclusion of a merger and acquisition (M&A). CIOs from both sides and their teams will have to work hard to bring disparate technologies together. The objective is to hide these complexities and allow customers, managers, suppliers and other stakeholders to get hold of relevant information with as little disruption as possible.

One solution would be to implement Data Warehousing, OLAP, and Business Intelligence (BI) technologies to handle extremely massive data and present them into usable information.

These are just some of the many scenarios where you’ll need our expertise to eliminate the complexities that can slow your operations down.

Here are some of the solutions and benefits we can offer when we start working with you:

  • Consolidated hardware, storage, applications, databases, and processes for easier and more efficient management at a fraction of the usual cost.
  • BI (Business Intelligence) technologies for improved quality of service and for your people, particularly your managers, to focus on making decisions and not just filtering out data.
  • Training, workshops, and discussions that provide a clear presentation of the inter-dependencies among applications, infrastructure, and the business processes they support.
  • Increased automation of various processes resulting in shorter administration time. This will free your administrators and allow them to shift their attention to innovative endeavours.

Find out how we can increase your efficiency even more:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today