Cloud Security Awareness

Cloud computing is similar to the Bring Your Own Device (BYOD) syndrome. You can fight it all you want, but sooner or later your organization will most likely have to accept it. A common failure in securing the Cloud is that most organizations focus only on the technical controls, such as where the data is stored or when and how it is encrypted. However, you must also train and educate the very people using this technology, or you can expose your organization to tremendous risk. Technical controls can only do so much. The following are some of the key awareness points to consider.

1. What Is The Cloud?

First, don't assume everyone in your organization knows or understands what the Cloud is. Before you start explaining policies for Cloud, explain what it is and how it works. Consider including examples; people may not realize that Google Docs or Dropbox is the Cloud.

2. Is The Cloud Allowed?

Is the use of the Cloud allowed in your organization? If no, then make sure people know it. If yes, then which Cloud solutions can they use and what are the limitations? Are they allowed to install their own Cloud solution? For example, if you have BYOD you may want to make sure people are not backing up your organizational data to their personal iCloud account.

3. Sharing

What data can be stored in the Cloud? Once stored, what data can they share and with whom? Can they use the Cloud to share data with people outside the organization?

4. Access

Which devices can and can't they access the Cloud from? Is two-factor authentication required? What other access requirements do you have?

The Cloud, like so many other technologies, is a tremendous tool organizations can leverage. However, just like so many other technologies, unless people understand the basics of how to use it securely, you are exposing your organization to tremendous risk.

BIO: Lance Spitzner is the training director of SANS Securing The Human program. His job and passion is helping organizations around the world build high-impact awareness programs. To learn more or download free resources visit the Securing The Human website.