Basing Your Cloud Security Strategy on Your Data Footprint

Written by  Dec 12, 2019

In the cloud, organisations cannot abdicate their responsibility to third-party providers. Instead, they need to ensure that they work with their cloud providers and that they fully understand how the division of responsibility is configured, particularly as it pertains to personal data that might be covered by the General Data Protection Regulation (GDPR) and other regulatory policies.

It is clear that cloud can introduce new risk to organisations. A recent survey on enterprise risk from Isaca identified cloud as the top technology that increases risk.

However, cloud security solutions have become essential for many organisations in today’s technology environment, so it is important for organisations to configure those partnerships carefully and in ways that best support the specific organisation’s data footprint.

This depends largely on the organisation’s size and the type of data that it collects. Large companies are often astute at managing third-party contracts, but frequently, smaller companies mistakenly believe that simply using a cloud provider or software-as-a-service (SaaS) application means they are covered, and that might not always be the case – the company still has the ultimate responsibility for owning and processing its data.

However, third-party providers can help greatly and, in many cases for small businesses using cloud, the security is improved because the company does not otherwise have the resources to devote to security measures that can be found through cloud providers. In many respects, cloud providers are getting better than ever at providing security, but then again, given heightened regulation and scrutiny from both governments and the public, the standard for providing a sufficient level of security continues to rise.

Another important consideration is that, in many cases, organisations will want to encrypt the data stored in the cloud and then carefully manage those keys. They should be sure to have an appropriate key vault where keys are stored and never have them hard-coded into the software. Many cloud providers and third-party suppliers provide key vaults.
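
One way to enforce the "never hard-coded" rule above is a check run over source code before it ships. The following Python is an added example, not part of the original article; the key-name patterns, the length and entropy thresholds, and the sample source text are assumptions constructed for illustration.

```python
import math
import re

# Assumed heuristics (not from the article): variable names that suggest key
# material, plus a minimum length and entropy for a literal to count as a key.
KEY_NAME = re.compile(
    r"(?i)\b\w*(key|secret|passphrase|token)\w*\s*[:=]\s*[\"']([^\"']+)[\"']")
PEM_HEADER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
MIN_LEN, MIN_ENTROPY = 16, 3.5


def shannon_entropy(s):
    """Bits per character: random key material scores high, words score low."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def find_hardcoded_keys(source):
    """Return (line_number, reason) for each line that embeds key material."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if PEM_HEADER.search(line):
            findings.append((lineno, "PEM private key block"))
            continue
        m = KEY_NAME.search(line)
        if m:
            value = m.group(2)
            # Short or low-entropy literals are treated as placeholders.
            if len(value) >= MIN_LEN and shannon_entropy(value) >= MIN_ENTROPY:
                findings.append((lineno, "high-entropy literal in key-like name"))
    return findings


# Constructed sample source: line 2 embeds a key, line 3 only names a key that
# the vault resolves at run time, line 4 is a placeholder, line 5 is a PEM block.
SAMPLE = '''\
import os
DATA_KEY = "q7Zp0Xv9Lr2Tn5Bc8Jd1Wm4Hs6Kf3Gy"
key_id = os.environ["DATA_KEY_ID"]
api_key = "changeme"
PEM = "-----BEGIN RSA PRIVATE KEY-----"
'''

if __name__ == "__main__":
    for lineno, reason in find_hardcoded_keys(SAMPLE):
        print(f"line {lineno}: {reason}")
```

Entropy thresholds of this kind produce both false positives and misses, so a check like this complements a key vault rather than replacing review.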

Again, the organisation's size will often come into play in determining the best path for key management. Small businesses are more likely to elect to have the cloud provider manage the key because the cloud provider is likely to have more advanced expertise.

However, if key management is something an organisation feels comfortable with, as may be the case for many larger organisations, managing their own keys is likely to be the most obvious choice. If there is any doubt about how to handle the keys, letting a trusted third-party manage the key is probably the way to go.

But beware: if organisations encrypt their data, they had better not lose access to that key, because if it goes missing, the data is lost, and that can have very serious and irreversible consequences.

Individual users might deploy encryption and then forget the encryption password that unlocks the key (not as rare as you might think), and then the data is gone unless they have an unencrypted backup available.

The nature of the data involved is another crucial factor. The more sensitive the data, the more reluctant organisations might be to outsource the security around that data, but at a minimum they should consider bringing in some outside expertise to make sure the keys are being managed properly.

For smaller companies, even if the data is highly sensitive, outsourcing key management to a cloud provider will probably be necessary to reduce the risk of losing keys.

Lastly, consider how the data is being protected and used, and be mindful of providing assurance over the full lifecycle of that data. Industry bodies such as Isaca and the Cloud Security Alliance provide useful resources for organisations along those lines.

While cloud security can pose complicated scenarios to organisations, many of the answers come back to having sound risk management policies and procedures. Perhaps the biggest recipe for success is organisations having a realistic understanding of their own security capabilities, how their resources are best deployed, and a reliable inventory of the nature of the data that they collect and maintain.

In many cases, engaging in agreements with cloud providers is an essential step, but it is critical that enterprises understand the division of responsibilities with the cloud provider and have an action plan in place for how to work together with the provider if an incident arises.
