9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

A Definitive List of the Business Benefits of Cloud Computing ? Part 4

Lowers cost of analytics

Big data and business intelligence (BI) have become the bywords in the current global economy. As consumers today browse, buy, communicate, use their gadgets, and interact on social networks, they leave in their trail a whole lot of data that can serve as a goldmine of information organisations can glean from. With such information at the disposal of or easily obtainable by businesses, you can expect that big data solutions will be at the forefront of these organisations’ efforts to create value for the customer and gain advantage over competitors.

Research firm Gartner’s latest survey of CIOs which included 2,300 respondents from 44 countries revealed that the three top priority investments for 2012 to 2015 as rated by the CIOs surveyed are Analytics and Business Intelligence, Mobile Technologies, and Cloud Computing. In addition, Gartner predicts that about $232 million in IT spending until 2016 will be driven by big data. This is a clear indication that the intelligent use of data is going to be a defining factor in most organisations.

Yet while big data offers a lot of growth opportunities for enterprises, there remains a big question on the capability of businesses to leverage on the available data. Do they have the means to deploy the required storage, computing resources, and analytical software needed to capture value from the rapidly increasing torrent of data?

Without the appropriate analytics and BI tools, raw data will remain as it is – a potential source of valuable information but always unutilised. Only when they can take the time, complexity and expense out of processing huge datasets obtained from customers, employees, consumers in general, and sensor-embedded products can businesses hope to fully harness the power of information.

So where does the cloud fit into all these?

Access to analytics and BI solutions have all too often been limited to large corporations, and within these organisations, a few business analysts and key executives. But that could quickly become a thing of the past because the cloud can now provide exactly what big data analytics requires – the ability to draw on large amounts of data and massive computing power – at a fraction of the cost and complexity these resources once entailed.

At their end, cloud service providers already deal with the storage, hardware, software, networking and security requirements needed for BI, with the resources available on an on-demand, pay-as-you-go approach. In doing so, they make analytics and access to relevant information simplified, and therefore more ubiquitous in the long run.

As the amount of data continues to grow exponentially on a daily basis, sophisticated analytics will be a priority IT technology across all industries, with organisations scrambling to find impactful insights from big data. Cloud-based services ensure that both small and large companies can benefit from the significantly reduced costs of BI solutions as well as the quick delivery of information, allowing for precise and insightful analytics as close to real time as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Strategy and Portfolio Management

 

A well planned strategy is the necessary bridge between brilliant leadership and excellent execution. Without it, your entire organisation cannot hope to respond quickly and effectively to challenges and changes within the landscape on which it operates.

Strategic planning involves identifying objectives, understanding what resources are needed to attain them, and then allocating the resources to the appropriate units to ensure they are used optimally towards the achievement of desired objectives. Among the end results which can be reflected by your team members are:

  1. Deeper understanding of the competitive environment;
  2. Snappy execution of plans;
  3. Faster, more aligned actions; and
  4. More intelligent and apt responses against strategic moves of the competition.

We understand the need to institute strategic management in such a way that your organisation can easily adapt to unforeseen developments. As such, all our solutions are formulated to make your organisation not only well-guided but also as dynamic as possible.

Strategy Formulation

Before you can proceed to map out any strategy for your company, you’ll have to study your company’s current environment. This will help you determine what courses of action should be taken to be able to navigate through such environment on your way to the end goal.

If you’re not a full time strategist, such a task can either be very daunting or deceivingly easy… the former can prevent your team from getting started, while the latter can lead your team astray.

Ideally, strategy formulation should be carried out as quickly and as efficiently as possible so you can move on to implementation before the competition can react. Our methods can enable your leaders to hit the ground running each time they set out on a strategic plan.

How?

  • We can assist in accurately applying strategic tools like SWOT and Gap analysis, then help integrate the results into an effective strategic plan.
  • We’ll train your team how to carry out effective research techniques so that the information they gather will really be what we need. This is because the tools mentioned earlier can only work effectively if the inputs were picked intelligently. Of course, if you want the entire process expedited, we can also conduct the research ourselves.
  • We’ll establish best practices for top-down, bottom-up, and collaborative strategic management processes. We’ll even show you how to organise and hold meetings where team members are constantly engaged and in-sync, so action plans can be developed and relayed fast.
  • We’ll see to it that strategies for all functional departments (such as IT management, supply-chain, HR, marketing, and legal) are in line with your business strategies, which should in, turn be aligned with your overall corporate strategy.

Strategy Evaluation

Your strategies have to be periodically assessed if you want to determine whether they are attuned to variations affecting your organisation. These changes may include new technologies, emerging competitors, new opportunities, as well as unexpected developments in the economic environment and political climate.

While no time limit is imposed for the build-up of resources vital to the attainment of a specific objective, the window of opportunity can shut on you before you can start amassing such resources. Given this possibility, it is important for your strategies to undergo evaluation processes that will determine whether you should pursue them or not.

Using only the most reliable evaluation techniques, we’ll help you establish whether:

  • Your strategies will place your company in a position that will give it competitive advantage or will erode whatever advantage the competition already has;
  • Your strategies are consistent with the landscape on which your company currently traverses;
  • They are realistic enough in relation to the resources you have on hand;
  • The associated risks have all been identified and the appropriate control measures have already been put in place;
  • The time frames for their full realisation are both realistic and acceptable.

Portfolio Management

In today’s highly competitive market, many of the more successful enterprises are driven by project-based systems.

Now, there’s always a tendency for project managers to become overenthusiastic and to come up with a number of projects that can’t be sustained by available resources. If your project-based company frequently runs out of resources, then either you just have too many projects running or too much is being allocated to a select few.

In both instances, the problem does not necessarily lie on the individual project managers themselves. Rather, what is needed is the ability to have full control over existing projects and investments.

Your leadership should be able to rank projects in terms of their impact to your organisation’s growth, positioning, and profitability. This will give you sufficient information when deciding which projects to pursue, prioritise, or shut down. These are the benefits you’ll gain from our services:

  • A vivid presentation of the big picture. Only when you can step back from all the detail and see the interplay of investments and resources will you be able to make wise decisions regarding how and where to position them.
  • The ability to distinguish between projects with the highest potentials and those that are outdated.
  • Access to expertise that will help you distribute your present IT infrastructure, human resources, financial resources, and facilities across running projects to obtain the biggest benefits for all stakeholders.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Saving Energy Step 2 ? More Practical Ideas

In my previous blog, we wrote about implementing a management system. This boils down to sharing a common vision up and down and across the organisation, measuring progress, and pinning accountability on individuals. This time, we would like to talk about simple things that organisations can do to shrink their carbon footprints. But first let’s talk about the things that hold us back.

When we take on new clients we sometimes find that they are baffled by what I call energy industry-speak. We blame this partly on government. We understand they need clear definitions in their regulations. It’s just a pity they don’t use ordinary English when they put their ideas across in public forums.

Consultants sometimes seem to take advantage of these terms, when they roll words like audit, assessment, diagnostic, examination, survey and review across their pages. Dare we suggest they are trying to confuse with jargon? We created ecoVaro to demystify the energy business. Our goal is to convert data into formats business people understand. As promised, here are five easy things your staff could do without even going off on training.

  1. Right-size equipment? outsource peak production in busy periods, rather than wasting energy on a system that is running at half capacity mostly.
  2. Re-Install equipment to OEM specifications ? individual pieces of equipment need accurate interfacing with larger systems, to ensure that every ounce of energy delivers on its promise.
  3. Maintain to specification ? make sure machine tools are within limits, and that equipment is well-lubricated, optimally adjusted and running smoothly.
  4. Adjust HVAC to demand ? Engineers design heating and ventilation systems to cope with maximum requirements, and not all are set up to adapt to quieter periods. Try turning off a few units and see what happens.
  5. Recover Heat ? Heat around machines is energy wasted. Find creative ways to recycle it. If you can’t, then insulate the equipment from the rest of the work space, and spend less money cooling the place down.

Well that wasn’t rocket science, was it? There are many more things that we can do to streamline energy use, and coax our profits up. This is as true in a factory as in the office and at home. The power we use is largely non-renewable. Small savings help, and banknotes pile up quickly.

Ready to work with Denizon?