That Doesn’t Apply To Us; We Do That In The Cloud

By Richard Brechwald • November 6, 2018

Companies are becoming increasingly enamored with the advantages offered by cloud computing. However, many mistakenly assume that once you upload your data, it’s up to the cloud service provider (CSP) to keep it all safe and sound. In reality, most CSPs use what’s known as a shared responsibility model for security, meaning that only certain aspects of your cybersecurity plan are their responsibility. Ultimately, YOU are responsible for the security of YOUR data.

With cybercriminals attacking from every direction, it’s your responsibility to prevent misunderstandings that might lead to damaging data breaches. For this reason, having a full picture of the risks associated with your chosen CSP, along with a clear agreement on roles and responsibilities, is paramount if you hope to keep your sensitive data protected.

Review Your Security Documentation

In the excitement of exploring the capabilities of the cloud, it’s easy to be less than thorough in your assessment of your CSP’s security practices.

However, you need to be sure that your CSP is employing industry-leading incident response tools, consistently auditing its security systems, rigorously testing for weaknesses, and protecting against emerging threats. You can do this by taking a look at your provider’s System Security Plan (SSP).

Reviewing an SSP is the most accurate way to assess the security controls your CSP is implementing. As the main document in a security package, an SSP gives you a detailed report on security protocols and highlights any gaps that may need to be addressed.

If you have a contract that requires compliance with DFARS 252.204-7012, then your CSP must meet the standards set by the FedRAMP moderate level of protection, and support government incident response efforts.

Doing your due diligence and insisting on rigorous compliance certifications, such as SOC Type II or PCI DSS, will give you peace of mind that your CSP is following the latest regulatory measures and maintaining the highest levels of data security.

Treat the Cloud like It’s Your Home

Some businesses are under the illusion that, since the cloud is not an on-site system, it doesn’t need to be treated in the same way they’d treat their personal systems. If you’ve made that mistake, then it’s imperative that you start viewing the cloud like the extension of your business it truly is.

It’s critical to be proactive in this regard, as opposed to waiting for a problem to occur and then addressing your security gaps. In the same way that you don’t allow every employee unrestricted access to your in-house systems, it’s essential to manage and control access to the cloud within your company.

Create written guidelines that specify who can use which cloud services, what data can be stored there, and for which purposes the cloud is to be used. Train your staff on the risks of cloud use and make sure they are aware of the latest trends in cybercrime that affect cloud users.

Encrypting the data you move to and from the cloud is also an absolute must. You want to take particular care to ensure that data is encrypted during transit when it is most open to attacks. Also, verify that your CSP encrypts your data at rest and on backup media to prevent data leaks.

In short, make sure you’re treating the cloud-like you would your own home. Lock the doors, turn on the alarms, and train yourself on how to respond to emergencies, so you can sleep easy knowing you’re adequately protected.

Stay Alert About Your Cloud Vendor

The world of cybersecurity moves quickly and, in the event that there’s a breach or a threat concerning your specific vendor, it’s best that you know as soon as possible. If your cloud provider has security alerts, make sure you have notifications enabled, and check resources such as the US-CERT for announcements about threats that have been reported.

Looking for Secure Cloud Solutions?

If you want to stay ahead of developing cyber threats and you’re wondering how to implement strong security measures for your cloud services, let the cloud experts help you. CyberSheath’s cloud solutions are second to none, so contact us now and let us give you a helping hand to keep your business secure.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO