NIST shared cloud services best practice
Companies that use cloud services must protect against physical threats such as natural disasters, tampering with servers or virtual machine managers, unauthorized access and data transfers, and weak login credentials. They must also log all access attempts and raise alerts when suspicious activity is identified. Furthermore, they must have adequate environmental controls such as backup power, continuously monitor all configuration changes, and use end-to-end encryption.
Cloud services are continuing to dominate the tech landscape, offering businesses a scalable, flexible and cheaper alternative to purchasing and administering locally based servers and network infrastructure.
However, there are additional data privacy and security challenges to overcome. The need to comply with all applicable privacy and security laws can be a daunting task.
To begin with, whose personal data is being processed? It could be that the individual is a citizen of the European Union, in which case, they are protected under the General Data Protection Regulation (GDPR).
Next is the question of what kind of data is being processed. Companies must be able to meet their own policies by implementing appropriate controls in accordance with their risk assessments.
Thirdly, the type of cloud servers being used may need to be restricted, depending on the laws in different locations.
Stay tuned for more on this subject, as we consider threats and vulnerabilities, plus helpful suggestions for robust administration and process controls, for best practice.