top of page
Abstract Background_edited_edited.jpg

Back to Basics - Part 3: Cloud Services

The business signed up for a “cloud service” to gain efficiencies, reduce OpEx, etc. All good and valid reasons. However, signing up for a “cloud service” doesn’t mean data stored through such services is automatically secure. Many cloud providers make it the customer’s responsibility to secure their accounts, data, access to data, how 3rd parties interact with the data, etc.

So, “cloud” means “it’s just someone else’s computer” if you think about it.

How to ensure data in the cloud still receives the same focus from a security perspective?

  1. After signing up with a cloud service, the first step should be enabling Multi-Factor Authentication (MFA). Using an authenticator app instead of SMS or email verification is preferred when setting up MFA.

  2. Make MFA mandatory for all user accounts.

  3. Understand the default security permissions before data is loaded into the environment.

  4. Enable auditing on as many elements of the cloud platform as possible.

  5. Review the default settings of the cloud service and ensure they don’t publicly disclose information or share information with 3rd parties.

Benefit: Understanding the security and audit features of the cloud provider will enable the business to make informed decisions as it provides data to the vendor. At the same time, should the vendor fall victim to a cyber incident, the organization may be able to determine more quickly if their data was exposed to unauthorized 3rd parties.

Have questions? Schedule a 20 minute call



RESOLUTE is a fully-managed cyber risk mitigation service that helps boutique and SMB (small to medium-size business) organizations protect, mitigate, and prepare against constantly evolving cyber threats.

bottom of page