9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

simplify those answers;
help you pick the right cloud service provider, and
even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

(+353)(0)1-443-3807 – IRL
(+44)(0)20-7193-9751 – UK

Check our similar posts

Are Master Data Management and Hadoop a Good Match?

Master Data is the critical electronic information about the company we cannot afford to lose. Accordingly, we should sanitise it, look after it, and store it safely in several separate places that are independent of each other. The advent of Big Data introduced the current era of huge repositories ?in the clouds?. They are not, of course but at least they are remote. This short article includes a discussion about Hadoop, and whether this is a good platform to back up your Master Data.

About Hadoop

Hadoop is an open-source Apache software framework built on the assumption that hardware failure is so common that backups are unavoidable. It comprises a storage area and a management part that distributes the data to smaller nodes where it processes faster and more efficiently. Prominent users include Yahoo! and Facebook. In fact more than half Fortune 50 companies were using Hadoop in 2013.

Hadoop – initially launched in December 2011 ? has survived its baptism of fire and became a respected, reliable option. But is this something the average business owner can tackle on their own? Bear in mind that open source software generally comes with little implementation support from the vendor.

The Hadoop Strong Suite

Free to download, use and contribute to

Everything you need ?in the box? to get started

Distributed across multiple fire-walled computers

Fast processing of data held in efficient cluster nodes

Massive scaleable storage you are unlikely to run out of

Practical Constraints

There is more to Hadoop than writing to WordPress. The most straightforward solutions are uploading using Java commands, obtaining an interface mechanism, or using third party vendor connectors such as ACCESS or SAS. The system does not replace the need for IT support, although it is cheap and exceptionally powerful.

The Not-Free Safer Option

Smaller companies without in-depth in-house support are wise to engage with a technical intermediary. There are companies providing commercial implementations followed by support. Microsoft, Amazon and Google among others all have commercial versions in their catalogues, and support teams at the end of the line.

2015 – What’s ahead for UK Business?

According to reports just in, the global environment industry is down. Less money is available for what some CEO?s still see as grudge expenditure, and many U.S. agencies are seeking soft budget cuts. The UK is proving to be an exception following the announcement of ESOS, and EcoVaro does not expect the May elections will have much impact in this regard.

ESOS calls for mandatory energy assessments in companies above a certain size, and requires specific proposals to cut consumption. There is no indication of compulsory follow-through, although it is clear the Environment Agency hopes rising electricity prices and the prospect of monetary savings will do the trick.

It is an open question whether the Tory government would have interfered with commerce to this extent, were it not for the European directive that enforced it. The overall goal is to cut EU energy consumption across the board by 20% by 2020. Energy consultants are rubbing their hands in glee. EcoVaro?s response is to provide cloud-based software.

We will be interested to see how many UK companies make the first deadline of 5 December 2015, in the light of reports that half the 9,000 firms affected appear not to even know that ESOS exists. Some will no doubt pay last-minute lip service. Those with an eye on their own sustainability will grasp the Energy Saving Opportunity Scheme with both hands.

The initial ESOS deadline was always going to be a challenge. Some big corporates have stolen a march albeit egged on by green stakeholders. The next challenge comes in June 2015 with the implementation of the European Union?s ?Waste Catalogue? of hazardous substances, and rules for their disposal. We hope a new ISO 14001 will arrive soon and pull the loose threads together.

The introduction of carbon trading late this year brings further opportunities to increase profits through wise stewardship. Auditable metrics are essential for this.

EcoVaro can assist by processing your raw data. We provide this service on a virtual cloud. In return, you can get advice on optimising the quality of your graphs for presentations.

Field service and customer transparency

These days, a business is as good as it is transparent. Businesses are on unsteady ground because of the ever changing face of social media and a never-seen-before demand for information. With many sources of info on the internet, being credible is a sure way of building trust and loyalty among clients.

Here is an example. Customers will always believe what they see. If they see the work you put into furnishing their favourite products, you have a greater chance of getting their approval. They can invest more in what they see. The clothing merchandise Patagonia did this for their Footprint Chronicles line to show how their jackets are made and worked out fine for them.
Transparency is a must. Nowadays, customers never forget when they feel cheated. It is even harder to ensure transparency because many clients are also experts who scrutinise every detail. So, how can you keep transparency at the forefront?

Have transparent workforce management

Customers always look for new information and want to be in the know. There is nothing worse than not being able find a product manual or an easy way to set up appointments. By giving your clients a self-service option, they can pick the services they want. This leaves more time to get stuff done rather than answering unending service calls from dissatisfied customers.

For instance, you could have a field service customer self-service application that allows customers to look for personalised services, a machine manual, book appointments, or solve any other problem. Customers then get feedback anytime. This one-on-one approach can help customers feel like their questions are being answered. They?ll also not go through the hassle of long hold times to reach an available customer service representative.

Create transparency in field service repair projects

If field technicians have access to field service software, it allows technicians to be more open to customers. This gives them vital information like customer history and the ERP, so that they can explain changes that were made after past enquiries and what is being done in current products. Such information can be a guide for future updates or let the techs suggest products that suit a client’s taste. Unlike always staying offline and out of touch with your client, using field service software can allow entry of allowances and mileage, and also let the customer know the delivery time for their products.

Show customers what they’re paying for

With field service automation, billing will also be transparent. By using the available information about your field service solution, the station can send updated service reports to the customer like mileage, allowances, parts, hours worked, and photos of broken parts from the service. After the customer authenticates the transaction with a signature, the field service agent can generate and sent to the customer an invoice based on the agreed upon services. In case allowances and mileage can be forwarded to the customer, it will be shown on the invoice.
Because you use field service automation, it means that the customer will receive the invoice really fast ? in days rather than weeks ? and transparency will skyrocket because the whole experience of the service will leave a permanent mark in their mind.

Mistaking information for transparency

Being honest with your customer is the one thing. Wasting their time with unnecessary information is another. Here is an experience I had with a small retailer. Tracking information is only useful if it has recent updates and is accurate. If the company want to use real time tracking, let them do so under one condition ? updates should be regular and on time so as not to leave the customer frustrated because they also make plans based on the same information. Late updates shed light on the nature of the service command. Everyone hates cooked-up real time information.

A company must not always have a one to one exchange of information with customers to maintain transparency..

Use simple language that all customers can understand
Don’t use abbreviations that only employees know
Never ever air your failures and flaws to your customers

It is interesting that most of the tools we use to keep in touch with our clients and servicing their requests can also be used to gather data and iron out possible errors to improve products and services. This is a good chance for service providers to evaluate and make necessary amendments.

There are some areas that will need improving while others will not, nevertheless, the client needs to always be informed and know why things are the way they are. Not all details should be told, so filter what you share.

5 ways field service supports customer service

Sales organisations are always in motion, working to deliver the right product to their customers. To keep customers smiling all times is hard and only needs close communication and fulfilling promises that were made to them. This is where the field service delivery team comes in. Field service can either meet this demand or fall short plummeting satisfaction rates.
This is a task that relies on right people using various parts and information to get the job done. No matter what, the customer always expects to get exceptional services whether it be over the phone, chats, in the field, online messaging, over email, or social media.

These five field service points are suitable for any business model and guarantee excellent company-client relations.

Proactive service

A proactive service gives more to the customer. More attention is given to the customer so that the right actions, deliveries and repairs are done. By getting everything right the first time, the customer has less to do ensuring that they are satisfied with the services.
However, the field service technician is flooded with a myriad of unpredictable situations; overheating equipment, stalled machines, and insufficient precaution. But through field management software, they get more data about the customer and type of service or parts expected and they easily ride through any storm and prevent future damage.

Transparency

Nothing frustrates a customer more than a schedule that delays repairs. They easily ditch you for better services elsewhere. By offering the customer a service where they book appointments based on their own availability, we can easily sync this to the technicians and manager?s calendar. This not only saves time but also money from otherwise idle equipment.

On-site and off-site collaboration

Having seamless communication between field and office technicians is vital. Field technicians need to know more about parts, repairs, client maintenance history, and predict what should be changed in the long run. The faster they do this the better.

There should be a system that creates and automates communication between field and office technicians. Let each have the upper hand when providing parts, products or services to the customer.

Flexibility

Information is key to field service agents. They make the first impression since they make the initial contact with clients. Regardless of the resources, the field technician must always be armed with mobile tools they will need to access online resources and be ready for any emergency.

Actionable performance improvements

Customers demand excellent service a company could offer. But as the game constantly shifts, the service management technicians must also come up with plans to stay up to par with competition. All these stems from coming up with KPIs, measuring them and turning them into a workable plan for the future.