{"id":24684,"date":"2018-12-04T09:00:00","date_gmt":"2018-12-04T15:00:00","guid":{"rendered":"https:\/\/centricconsulting.com\/?p=24684"},"modified":"2021-12-15T00:15:45","modified_gmt":"2021-12-15T05:15:45","slug":"holistic-security-in-the-cloud_portal","status":"publish","type":"post","link":"https:\/\/centricconsulting.com\/blog\/holistic-security-in-the-cloud_portal\/","title":{"rendered":"Cloud Security: A Holistic Approach to Solve General Issues"},"content":{"rendered":"

Have you thought of your approach to cloud security? Here are three quick ways to make sure your security stance is off to a good start.

I normally write about Office 365 and Azure products and strategies, but I’ve begun to see a number of general security deficiencies with a growing number of my clients.

Therefore, I won’t limit this blog to a product or service. Instead, I’ll share a more holistic philosophy.

In the past, most organizations were apprehensive about moving to the cloud, primarily because of security concerns.

Today, however, when we ask clients how they feel about their security posture in the cloud, they will typically respond with affirmations on encryption, email sanitation, or other security services.

A few questions to consider: Are these services configured optimally and verified regularly? What about additional layers of security like people and information? Let’s explore that.

Cloud Security Policies to Put In Place

A good starting point to ensure a positive security stance would be something like the following:

  1. An ongoing user education program
  2. An identity protection program
  3. An information protection program

These are all items for which a cloud consumer is responsible.

1. User Education Program

Foremost on the list is an ongoing user security awareness program.

Users will help if they know how to help, and it is our responsibility as IT Pros to educate them. They not only need to know how to be actively secure, but also why security is important.

The easiest way to do this, like with most IT functions, is to get the proper buy-in and support from the executive levels. With that in place, you can help managers understand why it’s important to have their direct reports involved in the security of the company, its people, and its data.

The simplest way forward is to publish a professional video or videos related to work functions. The end result of this program is that people are aware of what is and isn’t acceptable.

Most people will abide by the security policies in place if they understand the what and why.

2. Identity Protection Program

12345. 12345678. password. Pass@word1.

You know them. And still you are amazed when you find that one of your users is using a password like this.

This has been the case for 30 years (probably throughout history) and it isn’t going to change. These passwords are easy to remember, but also easy to guess if you’re a bad guy looking to get in. As an IT Pro you are responsible for helping people protect themselves.

If you have personal accounts for banking or insurance, then you probably already use a second factor of authentication. If you don’t, start doing so now. And protect your employees in the same way by rolling out a multi-factor authentication program of some kind.

Identity protection providers all offer it now, and if they don’t, then select one that does. This is without question the simplest way to protect all your user accounts.

A prompt from an authentication app is a good way to introduce a multi-factor solution that is easy for users to employ.

3. Information Protection Program

Do you know what data you have, where it lives, how current it is and to whom it is being transmitted? The work to be done protecting your company’s information is not a small task.

What locations do you allow? Is data encrypted there? Is it encrypted when it’s in transit or in use? Most people I talk to aren’t 100 percent sure. Be 100 percent sure.

It’s our responsibility as IT Pros to strike the right balance between what our people can do with information that belongs to the company and what they cannot do.

Are you monitoring shadow IT? If users need to do something that you don’t allow, in many cases they will find a way.

Actively monitor this activity and adjust policies as needed.

Classify the information you have, archive what’s no longer required daily in a safe location, and monitor sensitive information transmission.

Final Thoughts

If you haven’t gone through the process of configuring security in the cloud and you’re using default settings, or not sure the settings you have are optimal, fix that now.

Spend the money and the time up front and save the pain of tracking down intruders later.

We offer a service in which we take a look at your cloud environment and verify configuration items and why they are set the way they are. You will be surprised at what you find.","protected":false}}