Change your cloud security configurations from the default
Your organization’s cloud solutions are not inherently secure from data compromise or disaster.
Cloud services offer impressive physical and infrastructure security that is unparalleled due to scale and specialization, but the implementation of this security is up to your organization. Default configurations do not include many standard security configurations and features, and many cloud data storage access controls are designed to give website assets flexible access and thus allow for public access out of the box. What’s more, computer infrastructure is not automatically backed up or failed over.
Cybercriminals use free, automated and crowdsourced tools to leverage blind spots in an organization’s cloud security and configurations.
• Use built-in security testing features, if available: Microsoft has Secure Score for Microsoft and Office 365 implementations, as well as Microsoft 365 Compliance Center. Amazon Web Services has Inspector and AWS Compliance Center.
• Contract a third party to assess your cloud infrastructure’s security: When Wipfli performs penetration testing, we can often compromise a network because of cloud infrastructure. Engaging a third party helps you identify weaknesses and mitigate your risk.
• Include cloud infrastructure, data and access in your business continuity, disaster recovery and incident response plans: Data center servers are hardware, and hardware failure still happens in the cloud. Cybersecurity threats also necessitate including the cloud in your continuity and response plans.