Posts Tagged ‘data protection’

VCC Live® Has Been Awarded the PCI DSS Certificate for the Fourth Time

Posted on: March 6th, 2019 by dorarapcsak No Comments

Another year, another successful IT audit! We’re more than delighted to announce that, after our latest comprehensive yearly audit, VCC Live® has once again been awarded the PCI DSS international certificate. VCC Live® has been PCI compliant for a number of years, and this year saw our certificate renewed for the fourth time.

For those not aware, PCI DSS (Payment Card Industry Data Security Standard) is one of the strictest card holder data security standards in the world, and is backed by the five largest credit card issuers in the market.

The PCI DSS certificate applies to any organization that accepts credit and debit card payments, and PCI DSS compliance validation is performed annually or quarterly. As VCC Live®’s unique VCC Live Pay feature provides customers with the opportunity to make real-time payments during a single phone call, being PCI DSS-compliant is of utmost importance to us.

With the evolution of cybercrime, and with cybercriminals becoming more advanced than ever, businesses handling valuable customer data really do need to take all necessary measures to protect their data. Still, according to the following, alarming statistics conducted by EY, it seems that the majority of companies are still not prepared for a potential data breach. Their research found that:

  • Only 38% of global organizations are prepared for a complex cyber attack
  • Only 4% of organizations are confident that they have fully considered the information security implications of their current strategy
  • Only 12% feel it is very likely they would detect a sophisticated cyber attack

We are proud to say that we are at the cutting edge in this respect, and among one of only a few companies who take data security 100% seriously. Nothing proves this better than our fourth PCI DSS certificate, along with our two additional ISO027001 and ISO022301 certificates.

PCI DSS certificate vcc live blog

Balázs Zsolt, Information Security & Process Manager at VCC Live® and Miklós Tassi, Consultant and QSA Auditor at AperSky 

Here at VCC Live, data security and privacy have been at the heart of the company from the very beginning, and we’re proud of the fact that our company has been built with customer privacy in mind.

This fourth renewal of our PCI DSS certificate clearly reflects our dedication to data privacy, and determination to continuously review our IT security and business continuity processes, including successfully undergoing the yearly audits required for all three certificates.

Here’s how you can prevent a call center cyberattack

Posted on: May 30th, 2018 by dorarapcsak No Comments

As we all know, information is power. But in today’s fast-paced digital world, having access to an ever-increasing amount of information has also led to an ever-increasing number of challenges. One of these challenges is the fact that organizations storing sensitive data have become a major target for cybercriminals. And unfortunately, call centers, who typically handle a lot of valuable customer information, are no exception.

Call centers often collect and store a huge amount of customer information, making them particularly attractive to cybercriminals. In fact, according to Pindrop’s 2016 Call Center Fraud Report, the number of call center fraud attacks has grown by 45% since 2013.

With the evolution of cybercrime, and cybercriminals becoming more advanced than ever, businesses – including call centers – really have to take all necessary measures to protect their data. Otherwise, the consequences could be disastrous.

In this article, we’ll discuss some measures that will help you prevent a call center cyberattack. Check out our pro tips before it’s too late!

Increase physical security

If you want your call center to be successfully equipped to prevent a call center cyberattack, then you have to put yourself in the cybercriminals’ shoes and pinpoint all the weak points your business might have. And when it comes to data security, always start by strengthening your physical security. It may sound obvious, but when the survival of your business is at stake, it’s better to play it safe.

Besides using an entry-exit system, make sure that only authorized personnel can enter restricted areas, such as your server rooms. Installing security cameras is also a good idea, but you’ll certainly need to hire qualified staff to monitor them.

Boost internal security

Once you secured the physical assets of your office, it’s time to take your internal security into consideration. It’s true that data hackers are a big threat to any call center, but if your internal security isn’t well-established enough, you may be leading your business straight into disaster.

As call center employees handle a lot of sensitive data, such as credit card information, passwords, and bank details, they can potentially pose the biggest threat to your business concerning a possible call center cyberattack. Therefore, always make sure that your employees are well-educated about different forms of cyber attacks, and also ensure that they receive all necessary training regarding data security. Don’t forget that GDPR also came into effect on 25th May, so educating your staff about data privacy and security became more important than ever.

Training your staff on data security is a great start but, unfortunately, that doesn’t mean your work is done here.  We also recommend you appoint an IT Security Officer to oversee the data security process.

As for corporate documentation, make sure that your employees only have access to information that they need in order to carry out their tasks.

Improve your encryption

Cybercriminals continue to evolve the methods they use to breach your call center’s security system, so if you want to keep your data safe, then encryption is an absolute must for your call center.

Encryption makes text unreadable by anyone other than those who have the keys to decode it, thus slowing down or even preventing cybercriminals from stealing customer information from your call center. In the era of cybercrime, encryption is a must-have element in any call center’s security strategy.

An advanced encryption system can encrypt and decrypt data without security or system administrators having access to the information. In addition, encryption can be used with any type of data, ensuring that potential criminals cannot steal your customers’ confidential information from you.

Using encryption is one of the most powerful ways to keep your data safe and secure. Even if hackers eventually succeed and steal data from your call center, they still won’t be able to use it.

Ensure you have a reliable backup solution

We can’t emphasize enough the importance of a cloud-based software solution. Reliable cloud-based technology always offers backup solutions, ensuring that all your information is protected and backed-up in the event of a call center cyberattack. As we wrote about in a previous article, unexpected events can occur anytime, so you better have a reliable backup solution for such events.

It’s no surprise that more and more companies are beginning to look to the cloud for their everyday business functions. Try and look for a proven and reliable cloud-based service provider that is equipped with essential security features, including two-stage authentication, password-required entry, and security certificates. Choosing a solution provider with the characteristics above will quickly bring your investment a high return.

If you still haven’t found the perfect call center software solution for your business, then check out our pro tips on what to consider when choosing a call center software.

Test vulnerability to prevent a call center cyberattack

The best way to prevent a call center cyberattack is to think and act like a cybercriminal. So, once your physical assets and systems are all secured, it’s a good idea to conduct a penetration test, also known as a vulnerability test. This is a test in which you simulate an attack on your systems, allowing you to identify the weak points in your network security and initiate improvements based on them.

Don’t forget, practice makes perfect. So, make sure to conduct penetration tests systematically, so you can keep your system updated and prepared for any forms of call center cyberattack. Making this a regular practice will make the difference. Remember, cybercriminals are highly advanced these days, so don’t make it easy for them to beat your systems.

Security and quality – the indispensable parts of product development

Posted on: September 6th, 2017 by viktorvarga No Comments

Change is an inseparable part of corporate governance. But every company needs to be able to meet the security-related challenges which changes in quality assurance and information handling raise.

 

The law of continuing change

Change is not only unavoidable, it is of chief importance in the business world. Every day, enterprises need to deal with changes in manufacturing, finance, processes, operations, and all other areas of business which are an inseparable part of progress. But when working on updates and changes, or rethinking strategies and releasing new products, questions regarding security and data safety are raised. Every update or a new product release has an impact on company operations, and can seriously affect corporate image. Whether this impact is big or small depends on how timely unexpected events and unforeseen results are handled.

A number of methods and practices have been designed especially to help companies and enterprises proceed go through change and new release processes, and perform them in an expert, and most of all secure, manner. Some companies use applications or online platforms to track every task and its results through a ticketing system. Others use less modern means such as paper-based forms and templates. Each method, however, has the same purpose: to follow through a process with strict control points, and to oversee the smooth development of products and services, and their safety and security levels. This type of control allows for discrepancies to be filtered on time, and for smoothly-working elements to be strengthened and developed further. It is also of key importance when involving third parties, such as vendors or service and storage providers. Not only do you need to ensure that all involved parties adhere to and use the right level of security and quality management within their own organisation, you also need to oversee the quality of their work, based on your own quality and security standards and processes.

As a software development company we believe that the security of our customers’ and clients’ information and data is of the utmost importance. As one of Lehman’s laws of software engineering says: “Systems that are used must change, or else they automatically become less useful.” Inspired by this rule, we constantly work on improving our services and products, while also always aiming to keep the security of our solutions at the highest possible level.

 

Meet change – securely!

Receiving an unbiased expert evaluation is crucial in software development, especially when it comes to the security and safety of programs and applications. Every software development company has a number of options open to it to ensure the right amount of security is applied in their solutions and releases: OWASP (Open Web Application Security Project), Quality Assurance processes, and strict testing with a first and second pair of eyes. All of these options aim to help software developers update their existing products or develop new ones, while staying focused on quality and security. We have already shared an article on the importance of seamless testing processes and involving certified testers dedicated to this important task, and how VCC Live’s in-house testing processes are carried out (you can read the article here). Below we share our views on some more aspects of Quality Management and Information Security Management that we concentrate on within our own organisation:

  • realistic timeframes – the development of flawless software products requires time. It is not only important for development teams to have enough time to create a product, as testing and quality assurance activities, as well as the need for updates that may result from them, also require time to be performed. A software solution can be sent back many times for corrections, making it impossible for developer teams to release the finished product within a short time frame. If this process is put under pressure, it may lead to unfortunate events and high security risks, such as information leaks, data theft, and so forth. While it is important to have release date schedules, it is also important to remember that PDCA methodology, important for every management process, contains not only a Plan in its name – it is also important to Do, Check, and Act, meaning you should carefully check for any risks and act to fix them before it’s too late. Which brings us to:
  • continuous improvement – it is very important to make sure that quality assurance processes within the company are always adhered to, as they provide the basis for organisation improvement in the future. Information and experiences during the testing and quality assurance period should be recorded and shared as lessons learned among the involved parties, to help develop a process of continuous improvement. Being open to users’ feedback and experience is also important, and such feedback should not only be always welcomed but also taken seriously, because if it isn’t the development company risks losing its users’ trust in their professionalism.
  • secure coding – as a part of continuous improvement, secure coding practices provide invaluable help for software developers and programmers in finding alternatives in coding and reducing or eliminating vulnerabilities in their product. Secure coding is an extremely important part of every software developing process and should not be taken lightly – if defects and logic flows in the software are not taken care of, they can lead to serious security issues.
  • customer data security – when releasing applications or products that process customer data, such as personal details, bank card information, or any other form of customer data, it is not just of the utmost importance to make sure this data is processed securely, you need to make sure that data is kept safe at all times and will not be leaked to any third party, even in the event of hacker attacks. This is something an experienced etchical hacker can be of great help with.
  • business impact analysis – when working on several features or functions, or on configurations or bug fixes, it is extremely important to coordinate the testing and release readiness not only of each separate element, but also of their combination in one comprehensive product as well. Different features must not only be tested individually, the ready software or application needs to overgo a strict business impact analysis process to ensure that the combination of features works seamlessly together, having no negative impact on users, information handling, or business. If even one single element is proven to be unsecure, this can jeopardise the safety and reliability of the whole product, leading to information and data leakage or product unreliability.

All flows” is a saying that refers to the constant change through which the world goes. And a changing world affects companies and businesses as well. While new developments are a good thing, helping enterprises expand and become prosperous, they can also be the reason for them to fail if not handled securely. Businesses should not be afraid of change, rather they should learn to control it safely and take full advantage of it. It is OK to hold back on product releases if they are not yet fully ready. It is OK to stop a process if it comes with too many risks for customers. But it is never OK to jeopardize the security of customers’ data and their trust.

VCC Live – continuation of a success story

Posted on: September 13th, 2016 by viktorvarga No Comments

This autumn, two important changes have occurred at our company: the name of our company group has been changed to VCC Live, and we have occupied our “A” category office in Budapest. An exciting new image has been added to our brand name in order to express the new direction we follow in business.

Szabolcs Tóth and Tamás Jalsovszky, the founders of Virtual Call Center have always been pioneers as regards telecommunication and call centre trends, and made their decisions accordingly. At the time when Hungarian companies still applied installed systems, they already believed in the cloud-based service and the related business model. The business concept and courage of Virtual Call Center proved to be successful during the economic crisis: our clients chose our cost effective, sustainable system that was easy to update.

However, due to changes in technology, the market of cloud-based services and the call centre market are constantly changing. After a while, we believed that the name Virtual Call Center failed to express what our business partners feel at the beginning of our cooperation: our company provides a modern complex solution, supporting an increasing number of their business activities. Nowadays, fulfilling the requirements of corporate contact centres, in addition to our voice-based services, we offer channels suitable for individual and group e-mailing as well as for chatting.

Today, keeping in touch with clients is not just one of our many corporate tasks, but it fundamentally determines and rapidly influences our brand image. Customer service is the communication channel pushed forward by our company. The more efficient and proactive the service of clients, sale or complaint handling are, the more significant a company’s competitive advantage becomes. The best way to support corporate processes is through connected contact centre channels providing up-to-date data.

In view of the above, we have decided to renew the brand with which we work day by day and in which we see serious potential for development in the following years. VCC is the name most of our business partners used to call our company by, therefore we have tried to connect our present to our past.

Live refers to a point that is common is all of our services: the power of live real-time communication. We believe that the idea of people-centred communication will survive all changes in technology.

In the first half of the year we prepared another important milestone in our company’s life: our moving to Krisztina Palace, an office building in Buda. In the “A”-category building, which meets the highest standards for safety and convenience, we envisaged a spacious and inspiring office for VCC’s team for the long term. A place where life continues around the armchairs after the working hours and where our business partners are glad to return.

Stricter EU regulations in the cloud

Posted on: June 21st, 2016 by viktorvarga No Comments

VCC aims to provide the highest possible level of data security for both our domestic and international clients. In particular, we focus on the continual updating of our cloud-based services’ data protection security, based on the latest legal requirements. As a result, we are currently analysing and preparing to implement the EU’s new General Data Protection Regulation (GDPR) before it comes into effect.

Several articles about the GDPR have already been published, both here in Hungary as well as in other EU member states. The regulation, which will officially be introduced in 2018, is stricter than current legislation, and all EU member countries will be subject to its interpretations of data movement. It will also provide greater guarantees to all parties that data movement can be traced back.

Why is this regulation so important to VCC? As a cloud-based service provider we are considered in legal terms as data processors, and so are responsible for every piece of information we handle through which individuals can be identified, even if we only transfer it to a third party rather than store it ourselves. Due partly to the international legal environment and partly to our own IT environment and already acquired certificates, data generated by our partners’ activities is already subject to strict regulations. Security is of particular importance in regards to bank card details moving through our system since the launch of VCC Pay. As such, VCC already has an approach in place similar to the EU requirements in the GDPR, and we now only have to deal with the specific regulatory and technical details in the new regulation.

The GDPR will allow EU citizens’ data sent to non-EU countries to be more closely monitored. Data owners will have to give clear consent to the data handling procedure. They will also be able to more easily demand that data processors modify or delete their data – the monitoring of which will of course be challenging, due to the required synchronisation of data between different process handling systems . For anyone authorising another party to process their personal data, data portability between providers will also become more transparent. Another important change in the EU regulation is that data owners will more easily be called to account, with fines of up to 20 million EUR, or 4% of a company’s annual turnover. However, at the same time, the life of companies such as VCC, who have a presence in several EU countries, will be easier, as they will only have to cooperate with the Data Protection Authority in the country in which their headquarters are based.

Although the new regulations will put an extra burden on service providers, it carries the promise of greater transparency and of a central supervising watchdog to settle disputes between parties.

For more details please see:
Computerworld.uk, and the European Council advisory website

Enhanced protection for your stored data – two-factor authentication

Posted on: December 9th, 2015 by viktorvarga No Comments

From today, Virtual Call Center users can take advantage of two-factor authentication when using our solution. This latest feature enhances the security of data stored in VCC’s client software programme by requiring, in addition to normal login authentication, a further login authentication procedure, using a password sent to a personal device, such as a mobile phone, ID card, or USB token.

With the increasingly widespread use of smart devices, two-factor authentication is becoming an ever more popular solution, since it inserts an additional authorisation step in the login process, thus minimising the risk of data abuse.

Data stored in the VCC client system is important and valuable to our customers in a number of ways. Databases can, for example, contain personal information whose storage is subject to strict legal and IT rules; alternatively, a comprehensive call centre customer or calling list can be its most important business advantage, and one which has to be protected from competitors.

As such, we operate a secure password policy in our system, in particular allowing the strength of passwords chosen by users to be set centrally. The newly introduced two-factor login procedure (which we anticipate will normally be used via a mobile phone) further enhances this security filter.

We have chosen the Google Authenticator application, which generates a code consisting of 6 digits which remains valid for 90 seconds after requested, to provide the technology required for this feature. When first logging in to a workstation, you are required to insert the generated string of numbers after your username and password. After logging in you can select a ‘Remember me for 30 days’ option, which will allow the version of the VCC client running on the workstation to operate without further two-factor identification for a period of 30 days (unless deactivated by the user before the end of this period). If an unauthorised person manages to access the mobile phone, or if the phone becomes faulty or an active Google account is deleted from it, a supervisor is able to modify the two-factor settings.

Two-factor authentication using a physical device will be particularly useful for call centre staff who are authorised to manage, export or import databases.

 

You can download Google Authenticator here:

Installation guide for Google Authenticator:

Data protection and associated risks – part 2

Posted on: April 2nd, 2015 by viktorvarga No Comments

You don’t have to be a giant corporation, like Sony attacked by North Korean government hackers, to understand: in the world of information data protection, and associated risks are part of every day’s life. All companies must face these risks associated with electronic data stored on computer, server or internet.

Data protection risk comes with all kind of data handling – beginning with the paper-based files, through information stored on any laptop and ending with dangers of cloud-based systems. Companies using internet can face denial of service attacks against their servers or web attacks defacing and disrupting their web page.
Data protection and liability insurance packages have been developed by numerous insurance companies to handle risks associated with data protection. Virtual Call Center’s insurance partner is AIG. The CyberEdge insurance is a protection package against unforeseen consequences of data leaks and data privacy events.

Let’s deal with data protection risks

In the case of data leaks private data or confidential business information leaks from the company’s system because of a cyber attack or data mishandling. The IT team is deeply concerned by this issue while business continuity must be served, as usual. The team has to investigate, what caused the data leaks: human error or attack? The team has to decide: has the IT team enough knowledge to handle the situation, is there a need for extra servers, or the running server needs to be stopped? And if there is an action plan for IT emergency situations, how can it be implemented?

News of data leaks travels fast in the world of social media. Company trust can be crushed in a matter of hours. In PR crisis media, customers and co-workers must be handled carefully and cautiously. Quick action and adequately controlled PR action is needed to regain trust and to protect the company’s reputation.

The event also can have significant financial consequences. Regulatory actions, fines can arise. People affected by data mismanagement can file lawsuits. Claims can come from companies who had to pay compensations to their customers. Investigating the causes of data leaks, reconfiguring networks, protection, restoring data and system is also costly. The company may be forced to shut down all operations – this causing significant income loss. Stock market and stock prices are also quickly affected by the event. Reputation loss can affect the company, and it’s leaders as well.

 

Data protection

Insured events

CyberEdge counters some of the potentially far-reaching consequences of data leaks and breaches. The insurance covers possible financial consequences of data protection events, data leaks or mishandling data. The insurance helps counter negative reputational effects by combining insurance protection with access to independent experts.

Crisis management

Crisis management mitigates reputational damage and rebuilds trust. In order to safeguard the company’s reputation, independent experts are hired and paid by the insurance company. PR services can be used to contain reputational damage. Insurance covers costs of notifying data subjects who may be affected by the event.

Covering damages

CyberEdge covers defence cost and damages associated with any breach of personal or corporate data, regardless that the insured or its contractual partners caused the damage.

Related to network security events defence cost and damages associated with the followings are covered:

  • if a virus infected third person’s data stored on the company’s system
  • if unauthorised access was detected to third person’s data due to mistake or negligence of the insured
  • if access code to the network was stolen from the company
  • if hardware containing personal data is stolen
  • if unauthorised publication of third party data by an employee happens

In the case of fines and investigations, the insurance covers the potentially significant costs and expenses of data protection, regulator investigations and legally insurable fines following data security breaches.

Optional multimedia liability insurance is also available, this covers the damages and defence costs incurred in connection with a breach of third party intellectual property or negligence in connection with electronic content. Privacy extortion liability insurance is also optional, this covers ransom payments (extortion loss) to third parties incurred in terminating a security threat. Network interruption is also optional and covers the loss of net profit as a result of a material interruption to the insured’s network, after a network security breach.

Safely with us

There is a slim chance to meet the risk detailed above at Virtual Call Center, but to provide full protection to it’s partners, AIG is data protection and liability insurer of Virtual Call Center. With this insurance, the company provides an extra guarantee for the continuous and hassle free operation of its partner.

More about the Virtual Call Center ’s insurance here.

Safely with Virtual Call Center – part 1

Posted on: March 27th, 2015 by viktorvarga No Comments

American International Group (AIG), one of the world’s largest insurance company, is the partner of Virtual Call Center for its data protection and liability insurance. After reviewing Virtual Call Center’s data protection and safety regulations, AIG found the company qualified to offer the Cyberedge insurance beginning at the 1st of January 2015.

AIG’s Cyberedge insurance covers losses up to 200 000 euros in case of security events such as data breaches, data loss, or improper data handling.

Virtual Call Center has a hassle -free history of collaboration with its partners for more than 15 years. Data protection has a central role in the company’s life. During his activity, the company established an impeccable professional track record in the fields of quality, security and data protection. This earned confidence is further strengthened by taking care of its partners with the help of AIG’s professional liability insurance.

Data protection with Virtual Call Center | VCC Blog

 

AIG’s insurance is an extra guarantee for unforeseen events, easing the financial burdens of the partners and such allowing continuous operation of the partner company. Partners can seamlessly concentrate building their own business instead worrying about unforeseen events.

Insurance cover responds to regulatory actions about the data misuse, control or processing of personal data, data privacy issues. It offers protection in case of network security events, loss of hardware containing personal data of customers. Covers compensation claims regarding partners intellectual property or other electronic content.

AIG insurance distinguishes Virtual Call Center not only on a national but also on an international level, showing that the company cares for its partners, thus further strengthening their confidence and commitment.

Data safety and data protection – part 2

Posted on: March 20th, 2015 by viktorvarga No Comments

Besides advantages mentioned before, the most violent disputes come from data safety and data protection issues.

Today’s technological tools – developed because of the increasing number of cyber-attacks and industrial espionage events – are perfectly capable to safeguard user’s data. Most of these technologies safeguard data and processes from unauthorised access: encryption, identification technologies, VPN, careful data separation. Redundancy and safety backups stored in geographically separated areas is a guarantee for data integrity in case of a storage catastrophe. (All these technologies mentioned here are used by Virtual Call Center).

Recent safety incidents extensively showcased in the world media could left some not so skilled technical users with the disturbing feeling, that not every service provider is doing what he can to ensure data safety. And even high technologies can not protect us from human error or negligence. But if we take a closer look, we can see, that data losses – from global IT companies like Sony or Apple – occurred at firms with cloud computing as not their main business. At these companies, cloud is only a supplementary service on track to growth. These vulnerable companies are part of a second wave businesses, who expand their traditionally profitable businesses or change their business model. These incidents show, that no matter how big and respectful one IT company is, safe and stable cloud service has its strict rules, and if they are not obeyed, there is large room for errors.

If we take the traditional cloud service companies – with a large cloud offering portfolio like Google and Amazon, or Microsoft, that shifted towards cloud a decade ago – they practically don’t have any real data loss incidents in their records. At these companies, even service continuity incidents are rare birds, data loss – due to multiple redundancies – is nearly impossible. Cloud service providers dedicate several divisions to maintain and develop their core business, every special field being managed by these divisions, and thus offering a stable, fast, reliable and comfortable cloud service.

 

Before signing up for a company, – just as we do when we choose a bank -, we have to check the service provider’s reputation. It’s no coincidence that reliability is the most important component of cloud service provider’s image. It’s worth to take a close look at certificates – despite that their system is not coherent yet. Because it’s in the interest of the cloud service providers to have a safe, reliable and stable operation, they will do everything to gain and maintain their users’ trust. In their contract they offer different guarantees to their customers, they aim to be transparent, treat their possible incidents publicly, offer broad support for their services, during malfunction a corresponding compensation can be expected from them – and some are even brave enough to resist at some level to a nosey state.

Data privacy is the other controversial and heated topic, and cloud receives many criticisms here. Because alongside with their data users pass some control over this data to the service provider. At most times, users don’t have the possibility to monitor their personal data handling for the chosen company. After consecutive scandals, there are a lot of improvements in this field lately because it became obvious for the big players that besides advanced technology user trust being their largest capital. Step by step they are operating more transparently, they try to offer more guarantees.

But naturally this is enough. Even Safe Harbour agreement – which regulates data handling in the USA and the European economic area for signing countries and companies – is not providing enough protection and legal aid, because of the multitude of regulations – as pinpointed by the competent EU workgroup (Article 29 working party). After data leaks linked to Edward Snowden USA-EU conflict in this area escalated. Talks are underway even nowadays, new EU data protection directives firmly stand beside strict limitations.

Choose wisely

Discretion is advisable when we are choosing our hairdresser or car service, it’s obvious that we have to proceed with the greatest caution when we are trusting our data with a company, and when our business continuity depends on the chosen partner.
When an EU company seeks for adequate guarantees, before making any decision we must check the following:

  • the selected cloud service provider operates in one of EU member countries – a cloud service provider operating outside EU poses further challenges due to the different legal, and economic framework they operate in, and settling arguments may prove difficult
  • providing a highly available service is a key advantage of a cloud service provider, and this should be the first parameter we are checking – we can find providers offering benefits in other areas, but low availability or ambiguously formulated ones annuls all these perceived advantages
  • in case of failure, incidents, down service what kind of financial compensation should we expect, the service provider has liability insurance
  • what kind of companies and from what areas use the cloud services, what are their terms of contracts
  • what kind of safety audits has the cloud service provider, who provided these audits
  • for how long is the cloud service provider operating
  • in the last three years what was the profitability of the cloud service company, what are his main financial indicators
  • if we decide to switch to another company, our data can be exported for further use, the platform used isn’t a proprietary one, which makes difficult or nearly impossible migration
  • is the cloud service provider flexible enough to handle new requests
  • support: what kind of technical or personal assistance is provided

For final evaluation of cloud technologies and cloud service providers let us turn to an analogy again: if the business owner is buying a car for the company, then he is not asking himself, “This car is a good thing?” but checks out what kind of parameters it needs, to raise the quality of his company’s service. But he also buys the car from a reliable source, where guarantees are provided, and where he can return later with complaints and questions. That’s exactly how it works when we are searching for a cloud service provider.