9 Cloud Security Questions you need to ask Service Providers

Companies in Ireland and the UK who are considering cloud adoption might already have a general idea of the security risks inherent in cloud computing. However, since different providers may not offer the same levels of risk mitigation, it is important to know which providers can give sufficient assurance on cloud security.

Here are 10 cloud security questions to ask service providers vying for your attention.

1. Where will my data be located?

There are a variety of reasons why you will want to ask this question. One big reason is that there are certain countries that don’t have strict legislation (or any legislation at all) pertaining to cloud computing. In that case, the provider won’t be as motivated to apply high levels of risk mitigation.

So if your data is hosted off shore, then you might want to reconsider or at least conduct a deeper study regarding the security conditions there.

2. Do you have provisions for regulatory compliance?

Certain standards and regulations (e.g. PCI DSS and possibly the EU Data Protection Directive) have specific guidelines pertaining to data stored in the cloud. If your organisation is covered by any of these legislation, then you need to know whether your provider can help you meet requirements for compliance.

3. Who will have access to my data?

In a cloud environment, where your data is going to be managed by people who aren’t under your direct supervision, you’ll have to worry as much about internal threats as you would with external threats.

Therefore, you need to know how many individuals will have access to your data. You also need to know relevant information such as how admins and technicians with data access rights are screened prior to getting hired. You also need to determine what access controls are being implemented.

4. How is data segregated?

Since there will be other clients, you will want to know how your data is going to be segregated from theirs. Is there any possibility of an accidental or intentional data breach due to poor data segregation? Find out if your data is going to be encrypted and how strong the encryption algorithm is.

5. How will you support investigative activities?

Sometimes, even if strong cloud security measures are in place, a data breach can still happen. If it does happen, the provider should have ways to track each user/administrator’s activity that can sufficiently support a detailed data forensics investigation.

Find out whether logs are being kept and how detailed they are.

6. Are we protected by a Disaster Recovery/Business Continuity plan? How?

Don’t be fooled by sales talk of 100% up-time. Even the most robust cloud infrastructures can suffer outages too. But the important thing is that, when they do fail, they should be able to get up and running in the soonest time possible.

Don’t just ask about their guaranteed RPOs and RTOs. Find out whether your data and applications will be replicated across multiple sites. Unless the provider says they will be, you need to find a provider with a better infrastructure.

7. Can I get copies of my VMs?

In a cloud infrastructure, your servers are actually in the form of files known as virtual machines (VMs). Because VMs are just files, they should be easily copied. There may be issues though, like the VMs might be stored in a not-so-popular proprietary format. Another possible issue is that the provider may simply not allow copying.

Having copies of your VMs can be useful should you later on decide to transfer to another provider or even duplicate your cloud infrastructure on your own.

8. What will happen to my data when I scale down?

One outstanding benefit of cloud computing is that when your business demands drop, you can easily scale down computing resources and reduce your cloud spending. ?But what will happen to your data when you decommission virtual servers? Will they be discarded?

You might want your data to be retained up to a certain period. On the other hand, you might also want them to be deleted immediately. Ask about the provider’s data deletion/data retention policies and see if they are in line with yours.

9. What will happen to my data if I decide to close my account?

There might come a time when you’ll want to terminate your contract with your cloud provider. Just like in issue #8, you’ll want to find out more about data deletion/data retention policies.

Although some providers can give you detailed answers, many of these answers can include a lot of technical jargon that can leave you totally confused. If you want someone you can trust to:

  • simplify those answers;
  • help you pick the right cloud service provider, and
  • even make sure cloud security is really upheld once your cloud engagement is ?under way

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Authentication and Access Control

Threats to your data can come from external or internal sources.

  1. There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
  2. There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
  3. Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

  • Work with your key personnel to determine who gets access to what.
  • Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
    • biometric devices
    • Kerberos tickets
    • mobile phones
    • passwords
    • PKI certificates
    • proximity cards
    • smart cards
    • tokens
  • Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

Month End Accounting the way it should Be Today

Month end accounting has always been a business critical exercise. Without the balance sheet, income statement, and other financial reports this exercise ultimately produces, management could not make informed decisions to keep the company in the right direction and at the ideal operational speed.

Now, in order to maintain optimal business velocity, month end activities have to be carried out as swiftly and as accurately as possible. Delays will only inhibit managers from reacting and effecting necessary adjustments in time. Inaccurate information, on the other hand, obviously lead to bad decisions.

But that’s not all. Never has the month end close been as demanding as it is today. Regulations like the Sarbanes-Oxley Act, Solvency II, Dodd-Frank Act, and others, which call for more stringent controls and more robust risk management practices, are now forcing companies to find better ways to face the end of the month.

Sticking to old month-end practices while striving to achieve regulation compliance can either cost a company more (if they add manpower) or simply bog it down (if they don’t). Among the worst of these practices is the use of spreadsheets.

These User Developed Applications (UDAs) are very susceptible to errors. (See spreadsheet risks)

What’s more, consolidating data from spreadsheets as well as carrying out reconciliations on them is very time consuming. These activities usually require data from outside sources – i.e. a workstation in a different department, building, or (in the case of really large corporations) geographical locations.

Furthermore, if one of these sources fail, the financial reports won’t be complete. This is not a far-fetched scenario, considering that spreadsheet storage and backup is typically carried out by the average end user. This leaves the spreadsheet data vulnerable to hard disk crashes, virus attacks, and unexpected disasters.

Thus, in order to produce accurate financial reports on time all the time, you need a financial/IT solution that offers optimal provisions for risk management, collaboration, backup, and business continuity. Learn about server-based solutions and discover a better way to carry out month end accounting.

SEO (Search Engine Optimization)

About a quarter of the world’s population use the Internet. That’s approximately 1.7 billion people. How many will come to your site the moment it launches? Zero.

It will take some time before the search engines are able to index your site and allow the possibility of driving some visitor traffic there. But even when your site does get indexed, that’s no assurance people will even have the chance of finding it.

So unless you apply SEO, your chances of improving those traffic numbers from zilch would nearly be zilch too. Traffic is a fundamental prerequisite in eCommerce. Before any store, virtual or otherwise, can ever hope to make a sale, the first step is to get noticed by the potential customer.

Our SEO specialists can drive your pages to the top of search results so that potential customers can see results leading to your site first.

Depending on the product or service you’re offering, getting to be ranked high on the search engines can be extremely labour-intensive. Basically, it’s the kind of job you’d rather not keep in-house but its the kind of job our team would be happy to take charge on.

Different products and services have different SEO requirements. We won’t recommend an SEO package if we think it will only translate to unnecessary spending.

These are the essentials of our SEO packages:

  • Targeted keywords and keyphrases. We’ll conduct extensive research on your product line and your product competitors to get hold of the best targeted keywords and keyphrases. If your competitors missed any important keyphrases, we’ll find those as well.
  • Strategically planted backlinks. We’ll concentrate our backlinking efforts on relevant backlinks to achieve top search engine rankings. As an added bonus, relevant backlinks drive in traffic that really matter as this is made up of visitors with the highest potential of turning into buyers.
  • On-site SEO. Certain issues arising from the mere makeup of most eCommerce websites are making on-site SEO tweaking more challenging. In fact, not all SEO consultants cater to these specific problems. Our specialists, on the other hand, pay special attention to issues regarding pagination resulting in keyword cannibalisation, product pages, landing page optimisation and the like.
  • Selection of SEO packages. While you’re still starting out, you may want to try our basic packages first. Then once you see traffic pouring in and revenues begin to build up, you can up the ante by upgrading to our premium packages.

Other services you might be interested in:

Ready to work with Denizon?

Contact Us Today