Securing Cloud-based Environments
Cloud computing, often referred to as ‘the cloud’, is the delivery of on-demand computing resources (e.g. applications and data storage) over the internet.
While cloud-based environments offer many advantages to organisations, they also introduce the potential for a number of technical security risks such as:
- Data breaches;
- Hijacking of accounts;
- Unauthorised access to personal data.
Organisations should determine and implement a documented policy on the use of cloud-based environments. This policy should detail how the organisation will apply multiple technical and organisational security measures to ensure there is adequate protection for personal data stored on cloud-based environments. Multiple security measures should be applied consisting of, but not limited to:
- Control over who has access to the information and the verification of their identity;
- Firewalls;
- Antivirus;
- Review Default Security Settings;
- Develop clear policies regarding the usage and security of cloud-based services;
- Seek assurances from Your ICT service provider;
- Staff training;
- Categorisation of data stored on cloud-based environments should be carried out on the basis of the potential security risks associated with the sensitivity of the personal data in question. An organisation must have a clear understanding of the types of data stored in their cloud-based environments to allow them to determine the appropriate security controls.
For more information on securing cloud-based environments, please see our guidance note on securing cloud-based environments.