9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

What are the benefits of digital forms data collection
Field Service Workers are regularly engaged to collect data or carry out inspections and assessments when visiting customer sites or remote area locations. The data collected by Field Service workers, will be used by businesses who will analyse, process and build reports based on the large volumes of data collected. The accuracy and reliability of data collected is vitally important. Traditionally businesses may have deployed mail surveys, telephone interviews, door-to-door surveys and interviews performed by Field Workers to collect data. Digital Transformation is gradually changing many business operations and a great deal of processes which were traditionally executed manually are now accomplished making use of digital methods. Technology is having a major impact not only how businesses research and analyse data, but primarily how data and information is collected. New tools and processes to data collection are improving data collection and analysis, leading to dramatic improvements and maximisation and optimisation of resources and operations. Utilising Digital Data Collection methods enables organisations to not only obtain results quicker but also use the data to make data based decisions faster.

What is a Digital Form?

Digital Forms, also known as Mobile Forms are electronic versions of paper forms that can be completed using:
  • Laptop
  • Tablet
  • Smart Phone
  • Any Mobile Device

Why Use Digital Forms ?

Digital forms can be a simple yet highly effective solution to overcome the challenges presented by paper based forms. Digital forms can be filled out directly using Smart phones and tablets in the field
  • When not connected to the internet or even low speed internet connections
  • When working in remote locations
  • To avoid damage, illegible handwriting or even lost and misplaced forms.
Digital forms can also include data validation logic to ensure field workers complete every form as expected and required, which will enforce and ensure data integrity . Field Service teams appreciate these features and help ensure the validity and accuracy of the data and insights they collect and can be confident regarding making business critical data based decisions. Data and Information collected using mobile forms can be accessible in near real-time, helps enable field teams to sidestep potential obstacles to productivity, and act on opportunities and increasing business agility.

Advantages of Digital Forms

Time and Cost Saving

Using Digital Forms instead of paper-based forms provides a significant impact on improving time and cost savings on printing, storing and distribution costs. Businesses also spend a significant amount of time and money in Administration and double data entry processes incurred by paper based forms. Transferring information from paper based surveys is an error prone process.
Digital Forms can save up to 20 man hours a week in administration costs

Improve data accuracy

Digital Forms can auto-populate fields based on prior data entered and also enable field-level validation. Digital data collection also eliminated data entry errors and data loss. Additional data can also be automatically be gathered such as Username, Geo-location and Time & Date.

Real Time Reporting

The issue with Paper-based data collection is that there will always be a time lag before reports or decision can be made. With a digital platform, such as FieldElite – Mobile Workforce Management , data can be processed and analysed as it is collected. Providing data driven insights to provide proactive rather than reactive reports to improve and optimise operations in real time.

It’s time to go Digital Forms!

Data Collection using Digital Forms will propel your company into the future and transform your data collection, data entry and analysis providing accurate data driven insights in real time. Digital forms are also mobile-optimized, updated in real time, and accessible by multiple parties, eliminating unnecessary meetings and emails. If you have a business and still haven’t used digital forms to gather information, contact Denizon today to organise a Demo of FieldElite – Mobile Workforce Management and discover how we can help you to transform your Field Service Operations

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
ESOS ? Why we must have it

The 9,000 big UK businesses directly affected by the new Energy Saving Opportunity Scheme could save UK?250 million between them, or an average UK?27,000 each, if they reduced electricity consumption by just 1%. The total amount is equal to the output of five power stations, at a time when Britain?s grid is under strain.
On 26 November 2014, UK Energy and Climate Change Secretary Ed Davey met with over 100 opinion makers from businesses, charities and universities at the Institute of Directors. The gist of what he presented was:

  • ?Britain?s big firms are spending around ?2.8 billion extra each year on inefficient energy technologies ? the equivalent output of nearly five power stations;
  • Now is the time to seize the opportunity with ESOS ? and organisations up and down the country are already gearing up to make changes to save energy, save money and save the environment.
  • If business did what business is supposed to do [that is innovate to make money] and act and invest, it will save ? and that’s the bottom line.?

The environmental benefits are as important although EcoVaro agrees with Ed Davey for taking a pecuniary approach. Businesses above the threshold of 250 staff and a balance sheet of UK?34 million would have not achieved their status unless they spent their money wisely.
The discussion panel included Rhian Kelly (Director of Business Environment at CBI), and Paul Ekins (Director UCL Institute for Sustainable Resources & Deputy Director of the UK Energy Research Centre). Hugh Jones, Managing Director, Advisory at the Carbon Trust responded to Ed Davey?s remarks by commenting:

  • ?At the Carbon Trust we have already engaged with hundreds of businesses on ESOS, helping to explain how they can achieve compliance while also making significant energy savings and cutting carbon.
  • Businesses often aren’t aware of opportunities in energy efficiency, or they don’t realise how attractive the paybacks can be. By requiring companies to understand exactly how they can make cost-effective investment in energy efficiency, they are far more likely to take action.
  • From the interest we have seen so far we expect ESOS to benefit British business by helping companies to reduce overheads and increase competitiveness.

The UK?s Energy Saving Opportunity Scheme ESOS is a gold mine of opportunities for big business, the environment and the population that breathes the air. Measurement of critical energy throughputs is the beginning of the process. EcoVaro is standing by to help you convert your data to meaningful information.

The Better Way of Applying Benford’s Law for Fraud Detection

Applying Benford’s Law on large collections of data is an effective way of detecting fraud. In this article, we?ll introduce you to Benford’s Law, talk about how auditors are employing it in fraud detection, and introduce you to a more effective way of integrating it into an IT solution.

Benford’s Law in a nutshell

Benford’s Law states that certain data sets – including certain accounting numbers – exhibit a non-uniform distribution of first digits. Simply put, if you gather all the first digits (e.g. 8 is the first digit of ?814 and 1 is the first digit of ?1768) of all the numbers that make up one of these data sets, the smallest digits will appear more frequently than the larger ones.

That is, according to Benford’s Law,

1 should comprise roughly 30.1% of all first digits;
2 should be 17.6%;
3 should be 12.5%;
4 should be 9.7%, and so on.

Notice that the 1s (ones) occur far more frequently than the rest. Those who are not familiar with Benford’s Law tend to assume that all digits should be distributed uniformly. So when fraudulent individuals tinker with accounting data, they may end up putting in more 9s or 8s than there actually should be.

Once an accounting data set is found to show a large deviation from this distribution, then auditors move in to make a closer inspection.

Benford’s Law spreadsheets and templates

Because Benford’s Law has been proven to be effective in discovering unnaturally-behaving data sets (such as those manipulated by fraudsters), many auditors have created simple software solutions that apply this law. Most of these solutions, owing to the fact that a large majority of accounting departments use spreadsheets, come in the form of spreadsheet templates.

You can easily find free downloadable spreadsheet templates that apply Benford’s Law as well as simple How-To articles that can help you to implement the law on your own existing spreadsheets. Just Google “Benford’s law template” or “Benford’s law spreadsheet”.

I suggest you try out some of them yourself to get a feel on how they work.

The problem with Benford’s Law when used on spreadsheets

There’s actually another reason why I wanted you to try those spreadsheet templates and How-To’s yourself. I wanted you to see how susceptible these solutions are to trivial errors. Whenever you work on these spreadsheet templates – or your own spreadsheets for that matter – when implementing Benford’s Law, you can commit mistakes when copy-pasting values, specifying ranges, entering formulas, and so on.

Furthermore, some of the data might be located in different spreadsheets, which can likewise by found in different departments and have to be emailed for consolidation. The departments who own this data will have to extract the needed data from their own spreadsheets, transfer them to another spreadsheet, and send them to the person in-charge of consolidation.

These activities can introduce errors as well. That’s why we think that, while Benford’s Law can be an effective tool for detecting fraud, spreadsheet-based working environments can taint the entire fraud detection process.

There?s actually a better IT solution where you can use Benford’s Law.

Why a server-based solution works better

In order to apply Benford’s Law more effectively, you need to use it in an environment that implements better controls than what spreadsheets can offer. What we propose is a server-based system.

In a server-based system, your data is placed in a secure database. People who want to input data or access existing data will have to go through access controls such as login procedures. These systems also have features that log access history so that you can trace who accessed which and when.

If Benford’s Law is integrated into such a system, there would be no need for any error-prone copy-pasting activities because all the data is stored in one place. Thus, fraud detection initiatives can be much faster and more reliable.

You can get more information on this site regarding the disadvantages of spreadsheets. We can also tell you more about the advantages of server application solutions.

Ready to work with Denizon?

Contact Us Today