9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Mobile Security

Today’s advanced enterprises make extensive use of mobile devices in order for team members to exchange information, collaborate, and carry out business whenever and wherever they need to. BlackBerries, iPhones, Google Phones, and other smartphones as well as PocketPCs and PDAs are now allowed wireless remote access to the enterprise network.

As a result, they introduce additional vulnerabilities into the system.

  • Bluetooth exploits and unencrypted passwords can allow malicious individuals to gain access to private information.
  • Various wireless technologies that have substantially simplified the task of transferring data have provided openings for malicious code. In addition, the diversity of these wireless technologies combined with the constrained environments of these devices have made it difficult to come up with an all-in-one solution.
  • All PocketPCs, PDAs and smartphones can be synchronised with PCs and laptops, giving malware an entry point into computers and networks. Memory cards are guilty of this too.
  • VoIP, which are usually unencrypted, allow other people to perform unauthorised capture and recording of private conversations.

Mobile security is still an emerging discipline. Because of this, many organisations that allow members’ mobile phone access into the network don’t actually have a specific security policy for such devices.

That’s why we’re here to help. We’ll conduct a thorough evaluation of your security policies and systems in relation to mobile devices and seal gaps we spot along the way. If you don’t have the needed policies or if what you have needs an overhaul, we’ll set everything up (including the needed applications and infrastructure) for you.

Once we’ve got everything in place, you won’t have to worry about the vulnerabilities mentioned earlier. In addition to that, your organisation will already be capable of preventing the following:

  • Access to company information when the phone ends up in the hands of anyone other than the authorised user.
  • Being billed for phone usage due to virus activity
  • Unauthorised phone activity monitoring through spyware
  • Other disruptions caused by mobile-based malware

Other defences we’re capable of putting up include:

Data Replication

Medical Data Form

These days, not many companies can continue to operate once their entire computer system goes down. All the information needed in daily operations are stored in databases while the interfaces that make use of them all come in the form of software applications.

Software applications can be rapidly reinstalled and configured for as long as the necessary programs are available. Data, however, cannot be reconstructed as quickly even with hard copies available. It is therefore necessary to store your data in a replicated setup so that when one section goes down, operations can proceed without interruption.

For instance, if a category 5 hurricane renders your main office useless, you can simply rent workstations elsewhere, connect to the Internet and continue with your usual transactions for as long as data is readily accessible.

So how do we ensure the accessibility and reliability of your data? Here’s what we’ll do:

  • Activate data replication on your database management system. If your DBMS does not support replication, we’ll migrate all your data to one that does.
  • If absolutely necessary, we can allow modernised systems to run parallel to your legacy systems and prepare both for full modernisation when you’re ready.
  • Implement fail-over technologies where applicable to provide for automatic switching to a backup data server or network from one that has just failed.

We can also assist you with the following:

How to be cleaner and greener indoors

The supply of water on planet earth is finite hence the need to conserve this precious resource. Water is a utility that is often used in and outdoors and for that reason, water conservation activities should be undertaken everywhere.

Get greener everywhere
Water saving can be achieved through various ways. Of utmost importance, fixing leaks should be undertaken in all areas. Small household leaks can add up to gallons of water lost every day. It is therefore important to check all water system fixtures and ensure that there are no leakages.

Greener bathroom habits
Turning off taps- this should be practised in the bathroom especially while shaving and brushing teeth. One could also consider using showers instead of baths since showers use less water and get into the habit of taking shorter showers.

Clean and green dishes
The kitchen is one of the areas where a lot of water is used. Some of the ways through which water can be conserved in the kitchen are:

  • Use of basins when washing dishes by hand
  • Using a dishwasher – when using the dish washer, it is important to make sure it’s fully loaded. Scraping plates instead of rinsing before loading it into the dishwasher will also go a long way in the conservation of the valuable commodity called water

Green your laundry and earn green bucks
The other area where water saving can be made is the laundry room. Washing only full loads of laundry will ensure that your washing machine is running at full efficiency hence you will be able to maximise your washer for energy efficiency. Always ensure you use the appropriate water level or load size selection on the washing machine. All these will not only save water but energy too and since savings are earnings you can smile all the way to the bank where some green bucks will be credited to your account.

Ready to work with Denizon?

Contact Us Today