As we are again in a period of change regarding our working practices and seeing many more people working remotely, cloud services are going to be high on the cyber security agenda once more. One benefit cloud services provide for remote working is that staff can work at any time and from any location as long as they have an internet connection and access to the cloud, which makes home and remote working an increasingly accessible option for many organisations.
Cloud services can reduce or eliminate the need for employees to store sensitive data on their devices, which is an important consideration for remote working as devices are far more likely to become damaged, lost or even accessed by unauthorised people when not contained within an office environment. Cloud services can therefore provide greater peace of mind that data will not be lost or become inaccessible should a device be lost or become inaccessible.
Storing business data in the cloud is the preferred option for many organisations today due to accelerated growth and the need for adaptability. The freedom to move as the business demands, provided by cloud storage and services, enables an agile working environment. It is much easier for growing businesses or those with fluctuating demands to increase or decrease their storage capacity using the flexibility of cloud services. Couple this with the benefit of staff collaboration and it makes for a very attractive option for many organisations. The ability to access, view and update documents in real time means teams have full visibility of the most recent changes and are working with the most up-to-date version of the document. Before cloud services, staff had to share documents via email to be worked on by one staff member at a time, and more often than not this led to conflicting content and formatting. When files are stored centrally, everyone sees the same version.
Cloud storage is often deemed more secure; however, as cloud storage operates a ‘shared security model’, both the cloud provider and you as an organisation have a shared responsibility for security. It is essential to understand who is responsible for what; for example, who is responsible for taking care of patching systems and encrypting data? Microsoft share some great graphics on how shared responsibility shifts ownership within the relationship. Cloud storage is often a more cost-effective solution for SMEs to store large amounts of data rather than managing their own networks and servers in-house, but understanding that you still have responsibilities around security is vital. When multiple employees are accessing and collaborating on documents simultaneously, it is more important than ever to have robust and effective document and access control, and organisations need to ensure they understand who this responsibility falls to.
Threats are always on the rise and not all breaches are sophisticated. Hackers often gain access to business networks due to weak passwords and unimaginative memorable questions. A multi-layered approach is required to protect your business. In smaller businesses it is typically unlikely that the skills needed to effectively identify and mitigate security risks will be found in-house. Multi-factor authentication and event logging can become part of your security strategy, but there are many other aspects to security, such as educating staff, clear processes and guidelines, and planning to deal with incidents, that are equally important.
Policies and training have a crucial role when developing your cyber security. If a business is migrating from an on-premises solution to a cloud solution, there are some specific considerations. The business will need to ensure that employees are given the right level of training and appropriately revised working practices so that they have enough knowledge to carry out their usual duties securely. This includes the technical teams responsible for architecting and supporting the transition to cloud-based systems. A shift to cloud with little or no training for the wider business could lead to configuration errors with a devastating effect on the business. Delivering these changes can present resourcing challenges for many organisations.
It has become increasingly the case that small to medium organisations will seek the support of a virtual Chief Information Security Officer (vCISO) to help them navigate a way to a more secure business. A CISO is responsible for information and data security within an organisation, and a vCISO performs exactly the same function but is an external resource rather than a member of the internal business team or an employee of the business. Investing in a directly employed security resource is often not possible for smaller organisations, so being able to outsource to a third party, where you can have a fixed amount of time per month or pull on the resource when needed, provides a flexible and effective solution.
At CyberScale, we are experienced in delivering vCISO services across a range of industries including housing, manufacturing and legal services, and we are seeing an increased demand for this valuable service. As part of this service we can review your cloud security configurations and remote working practices, providing you with our recommendations to bolster your security and continue to operate in the most secure way possible for your business. To further enhance your security position we have a range of training courses and workshops that can be built into your security strategy to grow confidence among staff and leadership teams.