Securing Cloud-based Environments

Cloud computing, often referred to as ‘the cloud’, is the delivery of on-demand computing resources (e.g. applications and data storage) over the internet.

While cloud-based environments offer many advantages to organisations, they also introduce the potential for a number of technical security risks such as:

  • Data breaches;
  • Hijacking of accounts;
  • Unauthorised access to personal data.

Organisations should determine and implement a documented policy on the use of cloud-based environments. This policy should detail how the organisation will apply multiple technical and organisational security measures to ensure there is adequate protection for personal data stored on cloud-based environments. Multiple security measures should be applied consisting of, but not limited to:

  • Control over who has access to the information and the verification of their identity;
  • Firewalls;
  • Antivirus;
  • Review Default Security Settings;
  • Develop clear policies regarding the usage and security of cloud-based services;
  • Seek assurances from Your ICT service provider;
  • Staff training;
  • Categorisation of data stored on cloud-based environments should be carried out on the basis of the potential security risks associated with the sensitivity of the personal data in question. An organisation must have a clear understanding of the types of data stored in their cloud-based environments to allow them to determine the appropriate security controls.

For more information on securing cloud-based environments, please see our guidance note on securing cloud-based environments.