The December 2017 Verizon Data Breach Digest focused on the use of cloud services and is worth a read. The Digest identified key issues that you should be aware of:
- Location of Systems and Data – If you need to access your cloud assets do you know where it is? Know that there are different rules governing cyber facilities in different jurisdictions which may, or may not, be a concern.
- Physical Access – If you need access to your data and services will it be allowed and facilitated?
- Forensic access storage – Will you be able, when a breach occurs, to examine data and systems to determine extent and remediation?
- Reliance on written agreements – How comfortable are you that the written agreement you have with your cloud provider(s) will be honored?
In order to improve prevention and mitigation of incidents you should:
- Know where you data is located
- Use a seasoned service provider
- Authenticate using multiple factors
- Limit access to critical assets
- Use log data and make it useful
Should you suffer an incident consider the following actions:
- Use incident response playbooks
- Change administrative passwords immediately
- Get to data quickly
- Be flexible with data collection options.
If you would like to know more the full digest can be downloaded here.
Another option is to join the online Cyber Exposure Management Course Series.
Here are the options:
Option 2. Advanced Cyber Exposure Management
(most cost effective option)