In honor of National Cybersecurity Awareness Month, here is Tip #18: Don’t forget about cloud security.
Whether it was due to COVID-19 or workforce trends, many organizations moved their servers, files, email and all business to the cloud.
But that doesn’t mean you don’t have to think about maintaining all that infrastructure or security because “the cloud” is just another name for “someone else’s computers.”
Steps you can take
Your cloud provider is responsible for the security of their computers. They’ll make sure the networking hardware that runs behind the scenes is updated, patched and capable of handling the workload. If you’ve contracted for it, they’ll make sure that your data is kept in two different locations so it’s safe from disasters.
But all that doesn’t matter if your users keep using passwords like “Spring2020.” It doesn’t help if your users keep clicking phishing emails.
You have a shared responsibility with your cloud vendor.
You still need to keep your virtual machines in the cloud patched, the connections to the cloud secured, and your passwords to cloud services secure. You still need to implement security features like multifactor authentication, provide training for phishing attacks and do everything else you would have to do if you hosted your servers on premises.