9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

2015 ESOS Guidelines Chapter 1 ? Who Qualifies

The base criteria are any UK undertaking that employs more than 250 people and/or has a turnover in excess of ?50 million and/or has a balance sheet total greater than ?43 million. There is little point in attempting to separate off high polluting areas. If one corporate group qualifies for ESOS, then all the others are obligated to take part too. The sterling equivalents of ?38,937,777 and ?33,486,489 were set on 31 December 2014 and apply to the first compliance period.

Representatives of Overseas Entities

UK registered branches of foreign entities are treated as if fully UK owned. They also have to sign up if any overseas corporate element meets the threshold no matter where in the world. The deciding factor is common ownership throughout the ESOS system. ecoVaro appreciates this. We have seen European companies dumping pollution in under-regulated countries for far too long.

Generic Undertakings that Could Comply

The common factor is energy consumption and the organisation’s type of work is irrelevant. The Environmental Agency has provided the following generic checklist of undertakings that could qualify:

Limited Companies Public Companies Trusts
Partnerships Private Equity Companies Limited Liability Partnerships
Unincorporated Associations Not-for-Profit Bodies Universities (Per Funding)

Organisations Close to Thresholds

Organisations that come close to, but do not quite meet the qualification threshold should cast their minds back to previous accounting periods, because ESOS considers current and previous years. The exact wording in the regulations states:

?Where, in any accounting period, an undertaking is a large undertaking (or a small or medium undertaking, as the case may be), it retains that status until it falls within the definition of a small or medium undertaking (or a large undertaking, as the case may be) for two consecutive accounting periods.?

Considering the ?50,000 penalty for not completing an assessment or making a false or misleading statement, it makes good sense for close misses to comply.

Joint Ventures and Participative Undertakings

If one element of a UK group qualifies for ESOS, then the others must follow suit with the highest one carrying responsibility. Franchisees are independent undertakings although they may collectively agree to participate. If trusts receive energy from a third party that must do an ESOS, then so must they. Private equity firms and private finance initiatives receive the same treatment as other enterprises. De-aggregations must be in writing following which separated ESOS accountability applies.

How FieldElite helps Electricians

The need to hire an electrician arises more often than we expect. It’s quite common to come across problems with structure-wiring, whether at home or in your business premises. It’s, therefore, not surprising to come across a home or a business owner in search of electrical services.

Whether a startup or a fully-fledged business that offers electrical services, there are challenges that come with running the venture. Where you have field service electricians, the challenges are even compounded, more so on matters of assigning tasks, receiving complaints from customers, and receiving field service reports.

As we all know, an electrical business isn’t just limited to the management of field service electricians. You’ll have to manage all the processes, a responsibility that can be quite daunting.

It doesn’t have to be difficult, though. You can take advantage of a field service management software program to make the entire management process effortless.

FieldElite is one such software. With FieldElite, you can assign tasks, communicate, and receive reports from your electricians on the go. Incorporating field service management in your electrical business enables you to run your business operations smoothly. 

Below are some of the benefits of using FieldElite field service management software. 

Increased Efficiency

Improved efficiency is the number one benefit electricians can get from field service management software. With FieldElite, electricians can accept jobs while in the field and add attachments together with client signatures using their smartphones or tablets. From the field management software, they can get information on the optimal route to the site, the tools required for the job, the service history of the customer, and contractual commitments.

Managing and scheduling tasks on FieldElite are just a few clicks away for office-based operators. That means reduced travel times and delays that often cripple workforce management.

Improved Professionalism

FieldElite field management software gives you a professional edge over your competitors. With this field management software, you can store all your business-related information in a central place. Therefore, each of your electricians can access the data from anywhere using their smartphone or tablet installed with the FieldElite mobile application. As such, there?s no breach in communication, and that means the electricians will get the scheduled tasks on time. Building such relationships with your team in the field encourages teamwork and motivates each team member to play their part. Again, since you can monitor what’s going on in the field, you can address the issues raised by your electricians or customers as soon as possible. 

Effective Communication

Timely communication is very essential if you’re working with field technicians. Since you’ll not always be with them in the field, it’s always important to establish a proper communication channel to ensure information reaches them in time. With FieldElite field service management software, electricians receive notifications and details about tasks assigned to them via the FieldElite mobile app.

On the other hand, office-based staff can access the report with the details of the job once the electrician completes the given task. This implies that both the electricians and the office-based operators can get communication instantly, enabling them to see and manage their workloads. Individual electricians can close jobs on-site and proceed to the next task without having to do paperwork reporting. For this reason, electricians can complete multiple tasks within a short time, which improves their overall productivity.

High Accuracy

With FieldElite field service management software, missing data or incomplete information is a thing of the past. Electricians no longer have to deal with paperwork, which can be daunting and time-consuming, yet with a million and one errors. With FieldElite advanced mobile features, all field service processes and operations are automated. The electricians are left with quite little to do, and that minimises data entry errors.

Because the managers get real-time updates from the field techs, they can accurately maintain and track the field processes. With FieldElite mobile features, managers can get information regarding the job status, the actual time of arrival, and the time taken to complete the task. With such updates, the electricians are better placed to do the job well without wasting much time, thus improving their overall productivity. 

Improved Co-ordination With The Team 

Apart from improving the productivity of the electricians, FieldElite improves coordination with the entire management team. For instance, an electrician can be assigned new tasks within the same area where they’re currently assigned instead of sending another to complete a task in that same place. FieldElite makes this possible by always capturing the current location and job status.

Whenever a new request is made in an area, FieldElite first checks the database to confirm if there is an electrician already assigned in that area. If the status of the ongoing assignment is complete or almost complete and the new task request can wait for the remaining time, the electrician in the field would be assigned the new task. By doing so, the business saves on cost and time and minimises movements. 

Improved Customer Satisfaction

As an electrician, you’ll only be satisfied if the service you offer makes the customer happy. Apart from fixing their wiring problems, they?d be happy if you responded quickly to their request. This is only made possible with field service management software. With FieldElite, managers can notify the electricians on the service requests in their respective areas, allowing them to respond to the call within a very short time. Not only does this give you some level of satisfaction as the business owner but it’s also a win for the company. 

Make your field work-flow better with FieldElite, and improve the productivity of your electricians. With FieldElite releasing regular and timely updates, users aren’t left behind whenever there are changes in the field service industry. The updates introduce new features and capture new standards to ensure that you get the best experience with the software at all times.

How Bouygues manages an Empire-Sized Footprint

Bouygues is into telecoms / media, and building and road construction. It also knows it has to watch its energy footprint closely. Owning 47% of energy giant Alstom keeps it constantly in the media spotlight. Shall we find out more about its facility management policies?

The journal Premises and Facilities Management interviewed MD Martin Bouygues on his personal opinions concerning managing energy consumption in facilities. He began by commenting that this was hardly a subject for the C-Suite in years gone by. Low-level clerks simply paid the bills following which the actual amounts were lost in the general expenses account. That of course has changed.

Early pressure came from soaring energy bills, which were pursued by a whole host of electricity-saving gadgets. However, it was only after the carbon crisis caught business by surprise that the link was forged to aerial pollution, and the social responsibilities of big business to help with the solution. The duty to have an energy strategy became an obligation eagerly policed by organisations such as Greenpeace.

Unsurprisingly, Martin Bouygues? advice begins with keeping energy consumption and its carbon footprint as high up on the agenda as health and safety. ?It needs bravery and a lot of hard work to get it there,? he says, ?so perseverance is the key?. 

The company has developed proprietary software that enables it to pull data from remote sensors in more than 80 countries every fifteen minutes. A single large building can contribute 50 million data items annually making data big business in the system. Every building has an allocated energy performance contract against which results are reported monthly, as a basis for reviewing progress.

The system is intelligent and able to incorporate low-occupancy periods such as weekends and public holidays. What is measured gets managed. We all know that, but how many of us apply the principle to our energy bills. With assistance from ecoVaro, the possible becomes real.

We offer a similar service to the Bouygues model with one notable exception. You don’t buy the software and you only pay when you use it. Our systems are simply designed for busy financial managers.

Ready to work with Denizon?

Contact Us Today