Securing Cloud-based Environments

Cloud computing, often referred to as ‘the cloud’, is the delivery of on-demand computing resources (e.g. applications and data storage) over the internet.

While cloud-based environments offer many advantages to organisations, they also introduce the potential for a number of technical security risks such as:

• Data breaches;
• Hijacking of accounts;
• Unauthorised access to personal data.

Organisations should determine and implement a documented policy on the use of cloud-based environments. This policy should detail how the organisation will apply multiple technical and organisational security measures to ensure there is adequate protection for personal data stored on cloud-based environments. Multiple security measures should be applied consisting of, but not limited to:

• Control over who has access to the information and the verification of their identity;
• Firewalls;
• Antivirus;
• Review Default Security Settings;
• Develop clear policies regarding the usage and security of cloud-based services;
• Seek assurances from Your ICT service provider;
• Staff training;
• Categorisation of data stored on cloud-based environments should be carried out on the basis of the potential security risks associated with the sensitivity of the personal data in question. An organisation must have a clear understanding of the types of data stored in their cloud-based environments to allow them to determine the appropriate security controls.

For more information on securing cloud-based environments, please see our guidance note on securing cloud-based environments.