The business signed up for a “cloud service” to gain efficiencies, reduce OpEx, etc. All good and valid reasons. However, signing up for a “cloud service” doesn’t mean data stored through such services is automatically secure. Many cloud providers make it the customer’s responsibility to secure their accounts, data, access to data, how 3rd parties interact with the data, etc.
So, “cloud” means “it’s just someone else’s computer” if you think about it.
How to ensure data in the cloud still receives the same focus from a security perspective?
After signing up with a cloud service, the first step should be enabling Multi-Factor Authentication (MFA). Using an authenticator app instead of SMS or email verification is preferred when setting up MFA.
Make MFA mandatory for all user accounts.
Understand the default security permissions before data is loaded into the environment.
Enable auditing on as many elements of the cloud platform as possible.
Review the default settings of the cloud service and ensure they don’t publicly disclose information or share information with 3rd parties.
Benefit: Understanding the security and audit features of the cloud provider will enable the business to make informed decisions as it provides data to the vendor. At the same time, should the vendor fall victim to a cyber incident, the organization may be able to determine more quickly if their data was exposed to unauthorized 3rd parties.
Have questions? Schedule a 20 minute call https://tiny.proactivediscovery.com/book-cyber-call
