EDITOR ’ S QUESTION
TOM CALLAHAN , DIRECTOR OF OPERATIONS , MDR – PDI SOFTWARE
hen most people think of security , they tend
W to focus on why they need it in the first place . If you know what your primary threats are , it ’ s much easier to define a security strategy to help prevent or stop those threats . This approach definitely
MANY OF THE GREATEST VULNERABILITIES FOR BREACHES IN THE CLOUD STEM FROM IMPROPERLY MAINTAINED ACCESS CONTROLS , OR WEAK PASSWORDS AND LOGON CREDENTIALS . applies to safeguarding cloud-based data . Even as the popularity of cloud computing soars , many organisations still have fundamental security concerns . However , the cloud isn ’ t necessarily more or less vulnerable than any local IT systems as long as you utilise security best practices .
You can start by defining a clear cybersecurity strategy and avoid migrating any data to the cloud until your IT team thoroughly understands that strategy and any related processes .
As you begin to work with cloud services providers , you need to do your due diligence in understanding service level agreements and identifying which party is responsible for certain areas of security ( what ’ s commonly known as a ‘ shared responsibility model ’).
This really comes into play if you handle financial or personally identifiable information that ’ s subject to compliance and industry regulations . Most cloud providers offer some level of security , but you ’ re typically on the hook for key items such as backups , passwords , Multi-Factor Authentication ( MFA ) and logon restrictions .
It ’ s important to train all personnel that will be interacting with the cloud platform , about security . Many of the greatest vulnerabilities for breaches in the cloud stem from improperly maintained access controls , or weak passwords and logon credentials .
In fact , many ransomware attacks in the cloud rely on account hijacking or stolen credentials to access sensitive data . This is where ongoing security awareness training and easy-tounderstand security policies go a long way in reducing risk .
Threat detection and response capabilities are also critical for securing the cloud . If you can ’ t identify potential threats in real time , you ’ ll struggle to prevent breaches .
Programmatic detection and response tools are usually a good way to strengthen your overall security posture , and proactive 24 / 7 / 365 monitoring is a must .
If you don ’ t happen to have the inhouse resources or expertise to handle this type of cybersecurity work , you should seek out a reliable partner that can provide services such as Extended Detection and Response ( XDR ). And don ’ t forget that you should always have a reliable Disaster Recovery and Business Continuity plan no matter where your data resides . ◊
32 www . intelligentdatacentres . com