9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Computer Forensics

So you had a customer data security breach last weekend? Do you know you could be held liable in court for failing to implement required security procedures? That’s right. Due to the overwhelming surge in identity theft wherein nearly 20 million Americans have already been affected, most states have enacted laws to curtail this fast rising crime. Therefore, it is important to redefine how your company deals with customer data security.

  • First, you’ll want to know what your obligations are as dictated by law. Some places, for example, require the destruction or deletion of personal data through shredding, erasing, or by rendering them undecipherable.
  • Second, not only do you need to comply with the said requirements, you’ll also have to prove in court that you actually complied if ever a security breach does happen.
  • Third, you need to be aware of your post-breach duties to avoid being dealt additional penalties.

Obviously, such situations now call for individuals who are experts in both the legal and technical aspects regarding data security. Such individuals are practitioners of a relatively new discipline known as computer forensics.

Armed with our computer forensics specialists, we’ll be able to help you deal with the above concerns. As a result, you can be prevented from having to pay fines that can go up to hundreds of thousands of euros.

There are other equally important reasons why you would want to avail of computer forensics services. For example, you’ll need computer forensics specialists because you want to:

  • Catch a person involved in criminal activities such as child porn, stealing of personal data, and destroying intellectual property.
  • Investigate a computer, network, or even a mobile device for clues that may lead to the culprit.
  • Determine the extent and possible causes when you discover your digital data has been damaged.
  • Find and recover damaged, deleted or encrypted data regardless of whether the cause was intentional or not. If the data in question will be used as evidence in a legal action, there are certain procedures that need to be followed during recovery operations to retain the integrity of the data. Computer forensic specialists are highly qualified for such operations.
  • Implement security policies in your organisation. Such policies have to operate within legal bounds if you want to avoid possible sanctions in the future. These policies should also be designed such that future forensic operations can be conducted with a high likelihood of success.

That said, a company that integrates computer forensics into its IT security policies and practices will be better equipped to remedy the situation once data security has already been compromised than a company that doesn’t.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Proactive Preventative Maintenance: How IoT and Field Service Management Software Helps

FieldElite, our mobile workforce management software, has been key to several industries? return on investment. Whether it’s for plumbing, electrical, property management, cleaning, and maintenance, FieldElite has provided data centralisation for efficient management of these business activities. 

Field service management software is important to utilise current workload, and also helps resolve future issues. We’re talking about a proactive approach to preventative maintenance. 

How exactly do field service managements help in preventative maintenance? 

The answer lies in how field service management is interlinked with IoT in predicting future jobs for the mobile service industry.  

What is IoT? 

Simply put, the Internet of Things (IoT) is a network of devices and sensors connected to the internet. These ?things? (e.g. your smartphone or smartwatch) enable data to be sent and be received without human intervention.

Fundamentally, IoT is about devices being connected to the internet to allow remote monitoring

For many years now, remote monitoring for IT infrastructure has been widely used. 

What’s new that we’re experiencing right now is even the smallest devices ? individual light bulbs and sensors ? can have a network and internet connection, allowing entire systems to be monitored in great detail. 

Implementing IoT and accessing data can be challenging for most service organisations. However, when combined with predictive analytics and field management software, it can have a huge potential impact on individual businesses and the service industry as a whole. 

What is Preventative Maintenance? 

Preventive maintenance refers to regular, routine maintenance to help keep equipment up and running, preventing any unplanned downtime and expensive costs from unanticipated equipment failure. 

The goal of preventative maintenance is to decrease the likelihood of a machine or an equipment’s failure by performing regular maintenance. 

Preventative management can be very complex, especially for companies with a fleet of equipment or customers. It requires careful planning and scheduling of maintenance on equipment before there is an actual problem. 

Also, preventive maintenance is evolving. It’s not just about scheduling the same work every month to prevent failure anymore. Today, working smarter with better information about equipment conditions is critical to ensure maintenance is effective.

That’s where IoT and field service management software, like FieldElite, comes in. Together, they organise and carry out preventive maintenance needs for service industries. 

How IoT and FieldElite Helps in Preventative Maintenance

With FieldElite and IoT technology, you get the best in preventive maintenance management.

  • Evaluation of equipment or machines ? the condition of machines or equipment is evaluated in order to predict when maintenance needs to be performed. 
  • Automated work order ? automated time-based work order creation
  • Full condition-based plans allows you to do the following:
    • Right-size your maintenance work
    • Lower costs
    • Extend the life of your or customer?s assets 
  • Quicker reporting ? due to its efficient and automated nature, IoT and field service management software can reduce a field technician?s average report time from two weeks to two days, therefore boosting your cash flow! 

That’s the most important result a mobile service management software can produce (in connection with preventative maintenance). It’s cost-saving! This can be achieved over routine or time-based preventive maintenance, as tasks are only performed when they are needed. 

The Internet of Things (IoT) and field service management software is changing field service as we know it. 

Companies who adapt and utilise these technologies will benefit the most from the resulting competitive advantage of preventative maintenance. 

Start elevating every field service experience now!  

Our field service software, FieldElite helps you: 
  • Accepts jobs in the field
  • Automate appointment scheduling
  • Manage scheduled jobs 
  • Get real-time visibility into all operations
  • Have a clear and easy viewing of job locations 
  • Resolve field service calls faster 
  • Enable mobile workers to get the job done right
  • Keep customers updated at every step 
  • Create quotations and accept payments 
  • Analyse efficient reports from field technicians
  • Helps in proper preventative maintenance management. 

Learn how to schedule jobs to field workers with ease. Check out FieldElite

CONTACT US

  • We seek to understand your technology and business challenges
  • We tailor a demonstration of our platform and solutions to align to your specific needs
  • We answer any questions and make sensible recommendations
  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Solutions to Password Overload

If only technologists had their way, passwords and PINs would have long been replaced with more innovative (and admittedly, better) security solutions. But such is not the case. Those alternative solutions, which include biometrics, smart cards, and password fobs, effective as they may be, are just way too expensive to implement.

So although passwords and PINs may not be here to stay, they certainly won’t be going away soon either.

Why keeping passwords in memory is no longer possible

A couple of decades ago, it would have been nearly impossible to crack an eight-character password using brute force. Today, however, advancements in computing power are rendering the typical passwords of the past easily decipherable, forcing us to come up with passwords that are not only much longer, but also much more complex and hence difficult to recall.

For instance, memorable words like your favourite character (e.g. ‘skywalker’) may have been acceptable then, but not anymore. Today?s security systems will encourage you to insert numbers or even other keyboard characters as a means to once again counter brute force. Hence, ‘sk5%ywa936lker@#’ may be more acceptable.

Remembering that one alone can be pretty daunting.

To further complicate matters, the number of applications that require passwords for access is much greater than before even for a single end user. Ordinary end users have to keep track of passwords for their email account, network login, workstation login, online services, and so on.

The burden is even greater for your IT admins, who have to remember a larger collection of passwords that protect business critical systems and applications. Clearly, the team in charge of your IT security will need a way to manage all these passwords.

Password management solutions

Existing password management solutions typically come in the form of software applications that store passwords. Basically, all you need to remember are your login details for the app a.k.a. the ?master password?. Once you’ve gained access inside, you can then retrieve any password you stored there.

Some of these apps are installed in portable devices like Pocket PCs, PDAs, or smartphones, which you would normally take along with you. For as long as the device stays with you, your passwords will be in safe hands. What’s more, you can retrieve them anywhere you go.

But obviously, there’s a problem. What if the device gets misplaced or stolen? Although the person who ends up with your device may not be able to gain access into the app and your passwords, neither will you. A better solution would therefore be an app that can be accessed anywhere but is not susceptible to getting lost.

Web-based password manager

A web-based password manager fits the bill. You don’t have to take it with you, but still you can access it almost anywhere. A typical web-based password manager will have all your passwords stored in a centralised, highly secure location.

If you want, you can even use your mobile password manager along with the web-based one. Ideally, your web-based password manager would have a copy of all the end-user passwords as well as the master passwords of your organisation.

With an easy to access but highly-secure web-based password manager, you no longer have to come up with passwords that (ironically) are supposed to be easy to remember but hard to crack at the the same time.

Furthermore, password managers are ideal for keeping passwords that have to be changed every-now-and-then; a requirement that’s becoming all too common in organisations bent on enforcing more stringent controls.

Ready to work with Denizon?

Contact Us Today