9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Implementing Large-Scale Complex Business Change

Sometimes, driving your people to work harder is not enough for your organisation to withstand the pressures laying siege to it. With uncertain economic conditions, unpredictable fresh competition, and looming threats from the environment or even pandemic-grade diseases, empowering your people to not only ‘think’ but also to ‘step’ out of the box is currently the name of the game.

However, such initiatives typically require sweeping changes throughout your entire organisation … and to think even the slightest change is often met with hard resistance.

Whether you’re about to undergo an M&A, relocate due to a major catastrophe, scale down to a skeletal workforce, or implement a brand-new company-wide strategy, our systematic approach to large-scale complex business change can help you make the transition as seamless as possible.

We understand the importance of the human aspect in change management. That is why we’ll focus on making your people appreciate the benefits of having to learn new skills, perform new tasks, employ modern technologies, and go through new processes in order to tone down the resistance level.

Our entire process spans from top to bottom, wherein we’ll start with your sponsors, down to your managers, and then to other stakeholders in making them appreciative of the needed changes and in order to achieve alignment with your organisation’s goals. Our top to bottom approach is also aimed at casting a positive “shadow of the leader” on people down the line, enabling them with an optimistic view despite the gruelling tasks before them.

We invite you to have a look at the steps we take in implementing large-scale complex business change to win over a strong and lasting commitment to it.

Evaluating the Required Change

Large-scale complex business change initiatives can be implemented expeditiously and economically if you’ve clearly defined the scope of the change as well as the forces that shape your organisation. You’ll want to know which areas yield easily and which are hard to change to determine where and how you’re going to focus more of your efforts on.

To arrive at a sound and systematic plan, we first gather as much information as needed and analyse them. We determine whether your departments have the required capabilities and how we can arrive at a clear organisational alignment. That way, we don’t waste time, effort and resources when the moment comes to carry out the plan.

These are some of the diagnostic procedures we perform in evaluating the required change.

  • Change complexity analysis. We’ll assess the contribution of people and task factors to the overall complexity of the change project. This will help us determine how to approach the problem efficiently.
  • Causal analysis. By establishing cause and effect relationships, we can identify root or circular causes. This will allow us to pinpoint problem areas and prevent a repetition of past mistakes.
  • Structural analysis. Any company is propped up by a number of structures: organisational, process, motivational, social, and physical, among others. Understanding the structures that drive, motivate, hamper, connect, and influence your people’s behaviours can provide insights as to how or where structural change can best be executed.
  • Context analysis. We’ll look into market forces as well as political, economic, social, technological, legal, and environmental factors enveloping your business. We’ll also analyse your driving objectives, organisational alignment, and organizational capabilities. By analysing the internal and external environment in which your business currently operates, we can formulate a customised strategic and effective plan of action.

Managing Stakeholders

Change initiatives won’t prosper without total commitment from all stakeholders. Stakeholders refer to people in your organisation who either have interests in the change project or can be affected by it.

We deal with your stakeholders starting from the top because if we can’t gain full commitment from those already in the best position to spur the diverse entities in your company into active cooperation, striving to secure commitment from other areas will be futile.

That is, if you don’t have the full support of your key and principal sponsors, i.e. the people who have the biggest say and have greatest control over resources in your organisation, you can’t hope to sustain the change endeavour, let alone provide the much needed spark to get it started.

Here’s how we carry out our stakeholder management actions.

  • Conduct research to identify all stakeholders: the sponsors, your internal and external partners, the main targets of the change, and all interested parties. That way you can “switch on” implementors of each change action in the proper sequence.
  • Not everyone will offer resistance to your change endeavours. We’ll help you identify those stakeholders and sponsors who are willing to offer support, evaluate the level of support they are willing to give, harness all available supports and utilise them extensively to benefit the change.
  • Gain a deeper understanding as to why certain stakeholders are willing to lend support. In doing so, we can implement the right strategies that will encourage them to continue supporting you.
  • Assemble a leadership team that will champion your change initiatives. We’ll facilitate effective collaboration among its team members, transforming them into a cohesive force designed to carry out plans and motivate everyone else down the line.
  • Upon realisation of the change project, we’ll see to it that all stakeholders get a taste of the carrot at the end of the stick. This will encourage them to continue active cooperation in future change initiatives.

Planning for the Change

Anyone who has experienced having their car stuck in the mud knows that stepping on the accelerator will only get the vehicle trapped even deeper. Without the aid of a towing truck, getting the car out will require careful planning since different combinations of pulling, pushing, lifting, rocking to-and-fro, and stepping on the accelerator may be needed.

Of course, some combinations are just better than others. The same principle holds when effecting change.

Our approach to change management typically varies depending upon the information we obtain from the different analyses performed earlier. For instance, since not all organisations are suitable for a collaborative approach, we will employ either collaborative, consultative, directive, or coercive change management strategies wherever applicable.

A well-planned change will result in a smoother, less costly, and less disruptive transition. Here’s how we’ll help you plan your change initiatives.

  • When put in a predicament similar to the car-in-the-mud, the basic strategy entails identifying the current resisting forces and predicting what other resisting forces may be encountered along the way. After researching and pointing out your organisation’s resistance forces, we’ll lay out the most appropriate facilitation, education, and negotiation techniques.
  • To bring down wastage to the lowest possible levels, we’ll engineer a change delivery plan that involves the most cost-effective sequence of driver, process, technology, organisational, and people alignment.
  • To win and maintain a high level of trust, confidence and commitment from all sponsors and stakeholders, we’ll present a clear road map of the change process as well as landmarks that will prove how far we will have gone. These landmarks will then be brought to each sponsor’s and stakeholder’s attention each time they are arrived at in order to build up assurance and continued commitment.
  • We’ll design measurement tools and schedule reporting deadlines so that you’ll know what to look forward to and when to expect them.

Managing the Change

Your company will hold a better chance of maintaining a sizeable lead over the rest of the pack if you constantly establish a rally point and instil in your stakeholders the drive to rally to that point from the get-go. To make this happen, your company must undertake the unfreezing, transition, and refreezing phases of change skilfully in order to bring all stakeholders into the right mindset.

Our specialists’ systematic and efficient methods for each of these phases are designed to simplify the management of each phase as well as provide a seamless shift from one phase to the next. This is what we’ll do:

  • Set up a change project management office to ensure that everything associated with the change initiative is given the needed attention and resources even while all the other usual processes in your organisation run concurrently.
  • To unfreeze your people and get them started on the road of change, we’ll employ unfreezing techniques wherever they are most appropriate. We’ll resort to different kinds of methods ranging from presenting persuasive evidence justifying the need for change to showing a motivational vision for inspiring your people to embark on the change process.
  • Since it is during the transition phase when your people can find themselves groping in the dark, we’ll offer executive coaches for your senior managers; facilitators to provide guidance during team meetings and other change activities; coaches to educate and inspire them to meet the change with the right attitude; trainers to teach new systems, procedures, and technologies; as well as employ a variety of other techniques in order to make the transition phase as seamless as possible.
  • Although your people should always be ready to undertake the next major change after a previous one, there should be points in between where they can taste the spirit of success, establish a temporary base to rejuvenate, and immediately gain a deeper understanding of the nearby terrain so as to envision the next rally point. We’ll see to it that this vital phase of change is carried out completely.
How Bombardier Inc. scored a Bulls Eye

When travelling anywhere in the world on land, sea or air, chances are, you will travel courtesy of something made by aerospace and transportation company Bombardier based in Montreal, Canada. In 2009, it set itself the goal of carbon neutrality by 2020. In other words, it hoped to remove as much carbon dioxide from the atmosphere as it was putting in.

By 2012, Bombardier concluded it was not going to become carbon neutral by 2020 at its current rate of progress. It discounted purchasing carbon offsets because it believed it would serve its interests better by introducing new energy-saving products to market faster. That way, it would achieve its objectives vicariously through the decisions of its customers. But that was not all that forward-thinking Bombardier did. It also set itself the following inward-facing objectives:

  • Reduce carbon footprint through efficient use of energy and less emissions
  • Involve the Bombardier workforce to raise awareness of behaving responsibly
  • Implement sustainable initiatives to further reduce the company carbon footprint

Specific Examples

At its Wichita site, Bombardier (a) fitted a white roof and insulation reducing summer energy consumption by 40%, (b) added an energy recovery wheel to balance air circulation, and (c) introduced skylights with integrated controllers to lower energy consumption by lighting.

At Mirabel, it enhanced the flue-gas management system by adding a pressure differential damper.

At Belfast, Bombardier (a) optimised HVAC systems to reduce pressure on chilling and air-handling plants, (b) installed solar panels on the roof, and (c) obtained approval for a waste-to-energy plant that will convert 120,000 tonnes of non-recyclable waste material annually.

By the end of 2013, Bombardier had already beaten its immediate targets by:

  • Reducing energy consumption by 11% against 2009
  • Reducing greenhouse gas emission by 23% against 2009
  • Reducing water consumption by 6% against 2012

Future Plans

Bombardier will never stop striving to reach its goal of carbon neutrality by 2020. It has a number of other projects in the pipeline waiting for scarce resources to fund them. During 2014, it continued with energy efficient upgrades at its French, Hungarian, Polish, Swiss, and UK plants.

These include consumption monitoring systems, LEDs for workshop lighting, new heating systems, and outdoor energy-saving tower lighting. The monitoring is important because it helps Bombardier focus effort, and provides measured proof of progress.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Keys to Successful Matrix Management

Matrix management, in itself, is a breakthrough concept. In fact, there are a lot of organizations today that became successful when they implemented this management technique. However, there are also organizations that started it but failed. And eventually abandoned it in the end.

Looking at these scenarios, we can say that when you implement matrix management in your organisation, two things can happen – you either succeed or fail. And there?s nothing in between. The truth is, the effectiveness of matrix management lies in your hands and in your implementation. To ensure that you achieve your desired results, recognise these essential keys to successful matrix management.

Establish Performance Goals and Metrics

This should be done as soon as the team is formed, at the beginning of the year or during the process of setting organisational objectives. Whenever it is, the most important thing is that each team player understands the objectives and metrics to which their performances will be evaluated. This ensures that everyone is looking at the same set of objectives as they carry out their individual tasks.

Define Roles and Responsibilities

One pitfall of matrix management is its internal complexity. Awareness of this limitation teaches you to clearly define the roles and responsibilities of the team players up front. Basically, there are three principal sets of roles that should be explained vividly ? the matrix leader, matrix managers and the matrixed employees. It is important to discuss all the possible details on these roles, as well as their specific responsibilities, to keep track of each other?s participation in the projects of the organisation.

One effective tool to facilitate this discussion is through the RACI chart – Who is Responsible? Who is Accountable? Who should be Consulted? Who will Implement? With this, clarification of roles and responsibilities would be more efficient.

When roles are already clearly defined, each participant should review their job descriptions and key performance metrics. This is to make sure that the roles and responsibilities expected of you integrates consistently with your job in the organisation, as a whole.

Manage Deadlines

In matrix management, the employees report to several managers. They will likely have multiple deadlines to attend to and accomplish. There might even be conflicts from one deadline to another. Hence, each should learn how to schedule and prioritise their tasks. Time management and action programs should be incorporated to keep the grace under pressure.

Deliver Clear Communication

Another pitfall of matrix management is heightened conflict. To avoid unrealistic expectations, the matrix leaders and managers should communicate decisions and information clearly to their subordinates, vice versa. It would help if everyone will find time to meet regularly or send timely reports on progress.

Empower Diversity

Knowledge, working styles, opinions, skills and talents are diverse in a matrix organisation. Knowing this fact, each should understand, appreciate and empower the learning opportunities that this diversity presents. Trust is important. Respect to each other?s opinions is vital. And acknowledgement of differing viewpoints is crucial.

The impetus of matrix management is the same ? mobilise the organisation’s resources and skills to cope with the fast-paced changes in the environment. So, maximise the benefits of matrix management as you consider these essential keys to its successful implementation.

Ready to work with Denizon?

Contact Us Today