9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

8 Reasons why you Need to Undertake Technical and Application Assessments

Are your information assets enabling you to operate more cost-effectively or are they just drawing in more risks than you are actually aware of? Obviously, you now need to get a better picture of those assets to see if your IT investments are giving you the benefits you were expecting and to help you identify areas where improvements should be made.

The best way to get the answers to those questions is through technical and application assessments. In this post, we?ll identify 8 good reasons why it is now imperative to undertake such assessments.

1. Address known issues – Perhaps the most common reason that drives companies to undertake a technology/application assessment is to identify the causes of existing issues such as those related to data accessibility, hardware and software scalability, and performance.

2. Cut down liabilities and risks – Unless you know what and where the risks are, there is no way you can implement an appropriate risk mitigation strategy. A technology and application assessment will enable you to thoroughly test and examine your information systems to see where your business-critical areas and points of failure are and subsequently allow you to act on them.

3. Discover emerging risks – Some risks may not yet be as threatening as others. But it would certainly be reassuring to be aware if any exist. That way, you can either nip them in the bud or keep them monitored.

4. Comply with regulations – Regulations like SOX require you to establish adequate internal controls to achieve compliance. Other regulations call for the protection of personally identifiable information. Assessments will help you pinpoint processes that lack controls, identify data that need protection, and areas that don’t meet regulatory requirements. This will enable you to act accordingly and keep your company away from tedious, time-consuming and costly sanctions.

5. Enhance performance – Poor performance is not always caused by an ageing hardware or an overloaded infrastructure. Sometimes, the culprits are: unsuitable configuration settings, inappropriate security policies, or misplaced business logic. A well-executed assessment can provide enough information that would lead to a more cost-effective action plan and help you avoid an expensive but useless purchase.

6. Improve interoperability – Disparate technologies working completely separate from each other may be preventing you from realising the maximum potential of your entire IT ecosystem. If you can examine your IT systems, you may be able to discover ways to make them interoperate and in turn harness untapped capabilities of already existing assets.

7. Ensure alignment of IT with business goals – An important factor in achieving IT governance is the proper alignment of IT with business goals. IT processes need to be assessed regularly to ensure that this alignment continues to exist. If it does not, then necessary adjustments can be made.

8. Provide assurance to customers and investors – Escalating cases of data breaches and identity theft are making customers and investors more conscious with a company?s capability of preserving the confidentiality of sensitive information. By conducting regular assessments, you can show your customers and investors concrete steps for keeping sensitive information confidential.

What are Operational Reviews

Faced with growing competition, businesses continually need to find new innovative solutions and ideas to improved organizational performance, especially in various cut-throat industries where innovation and good management can make or break the company.

This is the reason why, businesses place greater emphasis on the evaluation of efficiency, effectiveness, and economics of its operations.

Conducting regular Operational Reviews are key to keeping your company at peak performance.

What is an Operational Review

An operational review is an in-depth and objective review of an entire organization or a specific segment of that organization. It can be used to identify and address existing concerns within your company such as communication issues between departments, problems with customer relations, operating procedures, lack of profitability issues, and other factors that affect the stability of the business.

Operational reviews allow the organization members to evaluate how well they are performing, given that they perform appropriately according to the procedures set by them, allocating their resources properly, and performing such tasks within time frame set and using cost-effective measures. More importantly, it also shows your company how well it is prepared to meet future challenges.

What are the objectives of an Operational Review

The goals of an operational review are to increase revenue, improve market share, and reduce cost.

An operational review allows the management to see their company in a different light i.e a larger perspective. That is, it gives the management the opportunity to evaluate if the entrusted resources were used wisely to achieve the desired results of operations.

Operational reviews provide a comprehensive assessment of authority in that they help define expectations, and empower people within an organization to enact? up on it. This is due feedback provided will help them to better gauge the value of tasks performed and whether the job is being done the right or wrong way, and on what areas the company can excel and improve on.

The whole is greater than the sum of its parts

Questions worth considering in an Operational Review

Are you able to view your own organization as a whole from an objective angle?

Do the different departments complement each other so that they form a cohesive unit that boosts your business in the right direction?

With our comprehensive assessment of your organization?s current systems, operations, processes, and strategies, our operational review programs aim to help you in achieving these lofty goals: to improve business profitability and identify incompetence in both operations and organizational systems.

Benefits of an Operational Review

The main objective of an operational review is to help organizations like yours to learn how to deal with and address issues, instead of simply reacting to the challenges brought about by growth and change.

Information and data gathered in an Operational Review is practical from both a financial and operational perspective. Using? data, management can then formulate recommendations, which are not only realistic, but more importantly, can help the organization achieve its goals.

The Operational Review recognizes the extent to which your internal controls actually work, and enables you to identify and understand your strengths, weaknesses, opportunities and threats.

What should be included in an operational review

  • Assess compliance within your own organizational objectives, policies and procedures
  • Evaluate specific company operations independently and objectively
  • Impartial assessment regarding the effectiveness of an organization’s control systems
  • Identify the appropriate standards for quantifying achievement of organizational objectives
  • Evaluate the reliability and value of the company’s management data and reports
  • Pinpoint problem areas and their underlying causes
  • Identify opportunities to increase profit, augment revenue, and reduce costs without sacrificing the quality of the product or service.

More Operational Review Blogs

 

Carrying out an Operational Review

 

Operational Reviews

 

Operational Efficiency Initiatives

 

Operational Review Defined

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Becoming Nimble the Agile Project Management Way

In dictionary terms, ?agile? means ?able to move quickly and easily?. In project management terms, the definition is ?project management characterized by division of tasks into short work phases called ?sprints?, with frequent reassessments and adaptation of plans?. This technique is popular in software development but is also useful when rolling out other projects.

Managing the Seven Agile Development Phases

  • Stage 1: Vision. Define the software product in terms of how it will support the company vision and strategy, and what value it will provide the user. Customer satisfaction is of paramount value including accommodating user requirement changes.
  • Stage 2: Product Roadmap. Appoint a product owner responsible for liaising with the customer, business stakeholders and the development team. Task the owner with writing a high-level product description, creating a loose time frame and estimating effort for each phase.
  • Stage 3: Release Plan. Agile always looks ahead towards the benefits that will flow. Once agreed, the Product Road-map becomes the target deadline for delivery. With Vision, Road Map and Release Plan in place the next stage is to divide the project into manageable chunks, which may be parallel or serial.
  • Stage 4: Sprint Plans. Manage each of these phases as individual ?sprints?, with emphasis on speed and meeting targets. Before the development team starts working, make sure it agrees a common goal, identifies requirements and lists the tasks it will perform.
  • Stage 5: Daily Meetings. Meet with the development team each morning for a 15-minute review. Discuss what happened yesterday, identify and celebrate progress, and find a way to resolve or work around roadblocks. The goal is to get to alpha phase quickly. Nice-to-haves can be part of subsequent upgrades.
  • Stage 6: Sprint Review. When the phase of the project is complete, facilitate a sprint review with the team to confirm this. Invite the customer, business stakeholders and development team to a presentation where you demonstrate the project/ project phase that is implemented.
  • Stage 7: Sprint Retrospective. Call the team together again (the next day if possible) for a project review to discuss lessons learned. Focus on achievements and how to do even better next time. Document and implement process changes.

The Seven Agile Development Phases ? Conclusions and Thoughts

The Agile method is an excellent way of motivating project teams, achieving goals and building result-based communities. It is however, not a static system. The product owner must conduct regular, separate reviews with the customer too.

Ready to work with Denizon?

Contact Us Today