9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Mobile Workforce Management in a nutshell

It is fairly common for businesses to have staff working across many different locations across the country or even the world.  Engaged in various activities like  door-to-door sales, delivery and installations, service maintenance, conducting inspections & investigations or even data collection.

Managing and co-ordinating tasks, scheduling activities, planning and monitoring activities and communicating can often be challenging.

Mobile Workforce Management is the automation of the entire end-to-end workflow management and operations of any field service workers. 

Mobile Workforce Management Synonyms

Mobile Workforce Management is also known as

  • Field Service Management
  • Job Scheduling Software
  • Job Management Software

Advantages of Mobile Workforce Management

It is increasingly clear that there needs to be a certain sense of discipline and streamlining of field operations and important to automate certain tasks within field sales and operations, primarily because it helps you to track your assets remotely and ensuring contact with your workforce when required. Enabling your team to get in touch when required.

Most importantly, engineers, sales representatives and customer care executives can easily send information, scan receipts, Invoice customers and retrieve other crucial information in a standardized and streamlined manner. Assisting in regulating your business and also bringing some order to what is usually a very chaotic mode of working.

Why choose Mobile Workforce Management

Work Force Management tools help you to stay in control. They assist in automating what can and should be automated leaving only the crucial human-human interactivity. Helping you to keep a record of all interactions and important data within a database, without you having to manually go through sales receipts, complaint slips and other such details.

A Field Force Management tool is a time-saver and efficiency tool for companies. Moreover, these tools help to automate several aspects of your day to day operations, leading to an increase in productivity and motivation.

Streamlining operations, will also ensure that important stakeholders are well informed and management visibility is enhanced. Helping your business to make smarter decisions and help serve your customers better.

Field Force Management is similar to an Enterprise Resource Planning (ERP) solution but is vastly different. It is specifically targeted at staff that work on the field and is intended to make their and your work more streamlined, transparent and easy to track.

Cloud based solutions help you automate

 Field Force Management is usually cloud based which means all data is stored and accessible on secure cloud servers. There is no question of losing important data or not being able to retrieve something important. If something goes missing, there will usually be a backup available. Field force management tools include the software, the hardware and also the kind of training that is required for users to use it efficiently.

The software usually helps in saving and processing information while the hardware helps employees to enter important data into devices while they are on the job. Sometimes, field force solutions can also be a mobile app which negates the need for a specific or special device.

This is very important when it comes to field jobs as carrying different devices can prove to be a cumbersome job. At the end of the day, field force solutions are meant to reduce the burden on staff and not actually inadvertently increase it.

Denizon?s FieldElite Mobile Workforce management application provides significant improvements in efficiency and service with a switch to digital working and the elimination of paperwork.

All the information that is stored on the cloud can be run through analytics software so that you get the kind of reports that you are looking for to improve your business.

Field Force Management Process

A field force management tool helps you to remain in contact with your staff while they are at work on the field. This helps you to track your personnel in real time. Field personnel or your staff can log in and enter their attendance using a smartphone. You can assign that particular day?s task remotely using a web console or your own smartphone.

Next, they can carry out whatever duties they need to while you get all the alerts that you set to receive. This helps to increase transparency. You can choose to receive alerts on your phone or on your desktop.

Finally, staff can tag completed tasks with audio and images, instead of they having to type reports. This helps to focus more on the job than on job reporting. Last but not the least, location tags help you to ensure that the job is done at the right place. Your staff will not be able to take your generosity for granted.

All in all, a field force management tool helps you to track and control your staff without you having to be physically present with them and this is the beauty of this tool.

Summary

Field Force Management helps companies to reduce administration expense and improve productivity. This helps to automate data integration which is usually done with the help of cloud servers. Moreover, you can set invoice parameters that help you to also keep track of stocks, inventories and engage in P.O. and task management.

A number of field force management users also use it as a tool to engage in credit management. Banks and insurance companies particularly find this tool helpful as payments can be received on the job, instead of asking customers to pay online or offline. This also helps in building valuable customer relationships and enhance loyalty.

Thirdly, a field force management tool helps to increase planning efficiency. This means, you will be able to allocate tasks and optimize routing. All this helps to increase your ROI at the end of the day and get back the money you invest on field force management.

Finally, you will have more control over productivity and sales thanks to automation of data collection. You will also have more control over the execution of tasks and that will invariably make your company leaner and smarter.

Are Target Operating Models strategic compasses?

The short answer is they usually are, because every organisation needs a road-map of where they are going. Target operating models can be complex documents with illustrative details including project management structures, special tools, implementation procedures and management metrics. They can also be simple statements, as for example Winston Churchill?s promise that ?we shall fight them on the beaches, on the landing grounds and in the fields? which gave Britain the strategic direction it needed.

Many initiatives unfortunately fail because managers are ?too busy? to bottom on what their target operating model should say, or simply don’t believe in paperwork. As a result, promising initiatives may blunder off course or die a slow death without them really noticing. We cannot manage what we cannot measure, which is where the management metrics fit in. One of my favourite quotes is ?if you don’t know where you are going any road will get you there? which is what the Cheshire Cat said to Alice in Wonderland when she got lost.

The author blundered through life without a plan because there was no one else with his particular brand of imagination. The current business climate is different because everybody is trying to ramp up, and investors want to know exactly what is going to happen to their money and by when. Hence a target operating model can be indispensable throughout a change or product cycle.

The benefits of having a measurable operations / technology plan can produce powerfully tangible results if the organisation follows through on it. Built-in metrics with milestones are powerful tool for management, and, when they map through to the company financial plan almost irreplaceable as cash-flow forecasters.

Other benefits may include:

  • Shorter times to market and greater agility when launching new ideas
  • Reduced investor risk through a predictable process that’s readily monitored
  • A stable operating environment where there is consensus on direction
  • Greater likelihood of delivering on time and leading to repeat orders
  • A more cost-effective process, with less risk of loss of quality and money

Although it dates back a few years the Wills UK and Ireland Retail model still provides an excellent benchmark of a target operating plan that worked. The strategic goals were exceptionally clear, and they brought in a proven project manager to help them drive the program forward.

We have delivered advanced business management services to many of our clients, and believe you will find our personalised approach time-efficient and effective too.

Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Ready to work with Denizon?

Contact Us Today