9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Denizon’s Business Continuity Services

Disruptions to business operations can be as catastrophic as a Hurricane Katrina or a 9/11 or as relatively trivial as a minor power outage or a planned shutdown. What ever the gravity, scope and duration the disruption has, your company should be able to handle each situation so that you can declare “business as usual” and really mean it. (more…)

Reduce Cost and Improve Productivity

Whether the economy is in a downturn or not, management will always aim for a more cost effective IT solution. If your current IT infrastructure is hurting your profitability, our expertise is both ‘tested and proven”.? Also “bleeding edge” solutions in the industry will enable us to find inexpensive alternatives for you.

For instance, have you started to wonder whether having a constantly growing number of servers, many of which are underutilised, is really the norm? Well, that used to be the case. However, with the advent of virtualisation and replication, that expensive exercise is steadily becoming a thing of the past.

By implementing solutions powered by these two technologies, organisations can now manage excess storage capacities and hardware resources by performing simpler processes at lesser costs. In addition to that, using the same pair of technologies, companies can also decrease the downtime suffered during maintenance and upgrades.

Thus, at the end of the day, not only do companies stand to reduce expenditures, they can also boost revenues as a result of increased productivity time.

Do we still have other IT solutions that tackle a different set of problems but arrive at the same outcome, i.e. reduced costs + improved productivity = higher profits? You bet we do.

Basically, this is how we’ll help your company arrive at the same winning formula:

  • Provide insights as to where and when changes have to be made. Oftentimes, initiatives to reduce cost and improve productivity are not preceded by the appropriate study especially as with regards to their impact on all departments in the organisation. This usually results in unnecessary duplication of resources, a sure way to increase costs instead.
  • Consolidate and automate. We’ll work within your budget in finding ways to consolidate your applications, hardware, storage, databases, and processes. Then we’ll integrate automation practices to simplify management and maintenance of all these assets. This will substantially free not only your IT infrastructure but also your IT staff, giving them more opportunities to innovate.
  • Create an innovative environment. One of the benefits you gain in having room to innovate is the potential to discover new ways to drive costs even further. A fraction of your savings can then be used to develop even better IT solutions, thus creating a productive cycle: IT solutions > savings and innovation > better IT solutions. Our role is to help you harness your potentials to keep that cycle running.
  • Work to reduce carbon footprint in all your procedures. By ensuring that energy consumption is brought to a minimum in every step you take, you can rest assured that costs have only one way to go – down. Check out our Energy Management Software ecoVaro.

Find out how we can increase your efficiency even more:

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Energy Savings Opportunity Scheme (ESOS): An Overview

Energy management is crucial to most businesses in the UK. This is primarily because energy usage substantially affects all organizations, whether large or small. The good news is that, energy costs can be controlled through improved energy efficiency. And this is exactly why Energy Savings Opportunity Scheme (ESOS) came into being ? to promote competitiveness among businesses.

Energy Savings Opportunity Scheme is the realisation of the UK Government’s ambition towards achieving the maximum potential of cost-effective energy in the economy. ESOS aims to stimulate innovation and growth, cut emissions and support a sustainable energy system.

ESOS at a Glance – Legal Perspective

The EU Energy Efficiency Directive took a major step forward on November 14, 2012 and headed towards establishing a framework to promote energy efficiency across various economic sectors. To interpret Article 8 of the Directive, the government has given birth to ESOS; requiring large enterprises to undergo mandatory energy audits and energy management systems by December 5, 2015 and at least every 4 years thereafter.

Large enterprises include UK companies that have more than 250 employees or those businesses whose annual turnover exceeds ?50 million and whose statement of financial position totals more than ?43 million. With this, over 7000 of the biggest companies in Britain will need to comply with ESOS as an approach to review their total energy use in buildings, business operations, transport and industrial processes.

Generally, ESOS is both an obligation and an opportunity. It is an obligation for the indicated target companies since they need to submit to additional regimes; focus on audit evidences; act in accordance to group structures and compliance; and observe limited penalties and note retention periods. Moreover, it is also an opportunity for companies to strive for more savings on energy projects; attempt to standardise their potential market; and effectively lower debt and legal costs.

ESOS Audits ? Looking Beyond

According to the Department of Energy and Climate Change (DECC), average first audit costs would be estimated at about ?17,000 and subsequent ones at around ?10,000. As expected, these audits will result in energy saving recommendations, of which companies need not proceed for a follow up; and substantially improve businesses in their energy management issues. DECC further states that every business that complies with ESOS could save an average of ?56,400 each year from an initial investment of ?17,000 only.

Currently, up to 6,000 UK businesses are already subject to existing CRC Carbon Reduction Scheme, Mandatory Carbon Reporting, Climate Change Levy and other compliance. This signifies that ESOS may overlap with prevailing energy efficiency legislation and may put additional pressure on energy administration. While this is true, however, ESOS holds extensive benefits. Although the scheme can be viewed as another costly compliance to environmental standards, ESOS goes straight to the bottom line and provides the organisation with competitive advantage. If large businesses act now and comply with it, they will be able to enjoy maximised payback in the long run.

Indeed, Energy Savings Opportunity Scheme is already here. It is mandatory with minimal investment. And all you have to do is act quickly, implement new improvements and earn more.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today