Cloud Services - Things Worth Checking
30 November 2023
Many organisations have moved their office systems onto Cloud based arrangements deciding that it is both cheaper and safer to hold their precious data there rather than maintaining an in-house server facility of their own. Since most Cloud service providers are large multi-national businesses, it is reasonable to assume their systems are secure. However, it is worth noting that the majority of recent cyber break-ins have occurred on Cloud based services
In the early days of the Covid pandemic firms sent staff home to work. Personal computers belonging to employees lacked the rigor of ‘office IT’ and their firewalls causing havoc with cyber and data security.Home worker security is improving but still remains vulnerable to attack with firms having to keep a close eye on their defences to maintain a watertight seal on this data. Nearly a quarter of firms have experienced some sort of Cloud server incident since the beginning of 2022., from a misconfiguration to malware and or a ransom demand.
Some of this is down to firms having more than one Cloud server, making misconfigurations more likely, which seems to be the trend these days. Whilst this has ushered in more flexible software systems, most have found running on multiple severs more complicated.
Cloud providers with all the right credentials like ISO 27001 and ISO 9001 certifications, and Cyber Essentials Plus, CREST Certified, and or members of the PCI Security Standards Council ought to have everything covered; nevertheless, it is worth asking. Most vendors already have a good understanding of the various services currently on offer with which to select one that meets the needs of their firms and its management. However, contracting out your firm’s most precious data records and systems to a third party warrants a close eye on where and how it is being managed, if only for GDPR compliance reasons.
Your vendor should have scrutinised the wording of their Cloud providers terms and conditions, setup all the necessary security measures, including multi-factor authentication, and allowed for the inhouse use of other subsidiary Cloud services like Dropbox and Wetransfer, often referred to as Shadow IT, to bring everything under one robust security regime for the entire organisation. Again, it is worth asking your vendor that this is actually the case.
The security of data and systems being held on your Cloud server must remain in focus though, and not left to this or that assumption made about Cloud services in general. These are arranged on the basis of data storage needs only, with security coming later so it is vital to ensure all your storage and security needs are met. Nearly all the recent Cloud Service break-ins were suffered by firms who had not applied multi-factor authentication. In fact, there are so many firms who have not selected this extra layer of security that cyber criminals were falling over themselves to break-in! It is just too easy for them.
Moving systems and data to the Cloud, where most services are held on ‘shared’ servers, where there may be data belonging to several businesses on the same server, presents a far larger target for cyber criminals, allowing them to pick and choose who to go after, including many without multifactor authentication turned on! Cloud security should not be ignored and left to chance and warrants routine testing.
If you have a contract with a local and or large vendor who uses one of the big Cloud providers, most will be happy to run routine tests to ensure all is configured correctly. After all you do not want to find that you have been hoodwinked into handing over all your security credentials simply because they forgot to apply multi-factor authentication. www.the-bureau.co.uk Cloud service terms and conditions are worth a looksee. The providers should have already done this, but it is worth some further examination before you sign on the dotted line as some terms may not suit. These can then be examined and thrashed out further to reach an agreement. It is also worth asking whether the provider you have chosen does not have a clause in their terms and conditions that allows them to outsource your data to a third party as this may cause compliance issues, or worst still a loss of data.
Sub-contracting is quite common in this business, so it is worth checking how your data is being managed to ensure you are data compliant and that management is happy. Cloud based services are all the rage at the moment and when arranged well do provide the security and peace of mind that management seeks. However, the speed at which Cloud services have grown some may be reluctant to question their vendor terms and conditions. If you have not already done this, you should as it may well confirm that all is well, equally it could uncover some discrepancies which can then be ironed out.
One of the big misconceptions of relying on a Cloud-based server is that your data is automatically backed up to another server and protected, completely safe from intruders. Unfortunately, this is not the case. Most of the big names in Cloud Server Security follow what is called the ‘shared responsibility model’ making the firm responsible for the viability of its own data.
A lot of firms are unaware of this rather important aspect of Cloud storage which means data can be vulnerable to attack. Each Cloud provider should have clear and transparent terms for their applications with tight security protecting personal and business data for each of their firms’. Protecting the integrity of your data is paramount, requiring the need for strong passwords, encryption, and unique user names for all your data and documents, as well as multi-factor authentication which is an essential part of Cloud security.
The firm’s data controllers should be examining the pros and cons of their Cloud technology before going down this route and how and why it will benefit their firm. Its affordability may be the main reason, but this should not be at the cost of security. Most firms now understand that to be safe online requires vigilance. By navigating the now daily routine of cyber threats, malicious malware, ransomware and phishing attacks, Cloud providers must keep their firms away from these dangers.
Regulatory compliance in the form of GDPR and cyber security now play a big part in the way management oversees and manage staff, data and cyber security, password control measures as well as the many new and clever techniques to control phishing and other external emails. Whilst there are other risks to contend with, compliance and cyber security are now firmly top of the list.
Other Press Releases By This Company
- 23/01/2024 - The Case for Cyber Insurance
- 23/01/2024 - Hybrid Office
- 04/04/2023 - Email marketing was the most used digital communication tool in 2022.
- 27/01/2023 - Cloud Services – things worth checking
- 27/01/2023 - 'Prove It'
- 02/12/2022 - Cloud Services – things worth checking
- 02/12/2022 - Designing a Cyber Defence Strategy for your Firm
- 12/10/2022 - 'Prove It'
- 02/08/2022 - Social Media - No longer an abstract asset?
- 02/08/2022 - Grow Your Website & Online Presence
- 02/08/2022 - Tackling data overload and cybercrime
- 06/06/2022 - Using Our Smartphone Security Credentials
- 06/06/2022 - Making Home Working Work
- 06/06/2022 - Tackling Incoming Cyber Threats
- 05/05/2022 - Videos and Social Media
- 14/04/2022 - Digital Signing Conveniences
- 14/04/2022 - Zero Trust Cyber and Data Security
- 14/04/2022 - Firms Getting Serious About Cyber Security
- 14/04/2022 - Create a Bigger and Better Web Presence
- 14/04/2022 - What is Social Engineering?