Everything's "in the cloud" these days. But what on earth does that mean?
Outsourced dataFirstly, now that you’re reliant on 3rd parties, you should be aware of their security considerations. Just as putting your valuable items in the Hatton Garden’s safety deposit boxes might be safer than keeping them in your bedside table, it doesn’t mean that they’re safe from theft. Similarly, putting your data and applications onto a cloud provider’s infrastructure might be safer than keeping on-site, but doesn’t guarantee it’s free from loss – responsibility now lies with the cloud provider. It’s important to rigorously assess the security of any cloud providers you use, as well as making use of their in-built security settings to ensure your data is as safe as it can be. This is especially relevant in the post-GDPR world. As a data-handler, it’s ultimately your responsibility to confirm that your data controllers are GDPR-compliant, and to take reasonable precautions to safeguard your users’ data.
Access managementSo, you’ve made sure you’re using a secure provider, with strong protection for your data – what’s next? Now time to ensure that this precious data can only be accessed by those who absolutely need to. In the old, cloudless world, an attacker would need to have a computer in the building to be able to access your company assets. Now, insecure credentials or misconfigured permissions are all anyone needs to get into your organisation. If access to your cloud infrastructure is not well-managed, then it’s just as insecure as if you’d left the door to your office open, or left access cards on the pavement outside the office building. Managing access to your cloud infrastructure is essential – but thankfully it’s all about doing the basics well. Ensure that permissions for cloud services are configured to restrict access to only those who need it. Require members of your organisation to use strong, unique passwords, and multi-factor authentication where possible. Additionally, making sure you regularly review who’s accessing your cloud applications and what they’re doing (i.e. looking at the logs) will help you spot areas where you can make access to your cloud infrastructure even more secure.
TrackingFinally, because cloud computing does away with the need for IT to set-up complex hardware & install applications, organisations have seen an explosion in the number of cloud service tools they use. This “shadow IT” covers the entirety of the business, with sales, marketing, HR, recruiting and other departments all making use of online apps to make their day-to-day work a little easier. However, this runs the risk of your organisation making use of insecure tools, and not appropriately managing access to the user data that’s being uploaded to these cloud providers. It only takes the weakest link to lead to a serious data breach, for which the whole organisation will be responsible. Just as it’s important to make sure your enterprise cloud partners are secure, it’s essential to track the cloud tools that your organisation is using – first to confirm that there’s no overlap of existing solutions; but more importantly, to ensure that all integrations are appropriately secured.
Luckily, KYND can helpThankfully, KYND makes these and other risks easy to understand, manage & fix. KYND ON now integrates with your organisation’s Office 365 cloud environment to retrieve recommended security actions across all your Microsoft apps. This is in addition to the service assessments that were already conducted on services we could connect to your organisation! Microsoft’s Secure Score automatically marks the security of your cloud environment based on your organisation’s settings and usage – taking into account the specific tools & products your organisation uses. It also highlights the concrete actions you can take to improve this security score, spanning the full range of your Office 365 environment. For instance, enforcing multi-factor authentication for admins will minimise the chance of unauthorised access by attackers; enabling mailbox auditing will reduce the impact of any cyber incident affecting your Outlook; or enabling Safe Links will prevent your users from accidentally clicking on malicious links in files. The great thing is that the recommendations you receive are targeted and personalised for your organisation’s exact circumstances. So where does KYND come in? Once you log in to KYND ON, you can now simply click “connect” on the cloud security page, and we’ll let you log in to Office 365. KYND will then do all the technical stuff to retrieve your Secure Score and recommended actions. They’ll then be consolidated in KYND, alongside all of your other cyber risks so you can address them all in one place. You can now start to take control of the risks involved with moving enterprise applications into the cloud, and KYND’s here to help you along the way. Get in touch if you’d like to find out more about how KYND can help you manage your cyber risks.
InsureTech business KYND secures £3.25 million investment from BGF