Cloud-based environments offer many advantages to organisations. However, they also introduce a number of technical security risks which organisations should be aware of such as:
Hijacking of accounts
Unauthorised access to personal data
Organisations should determine and implement a documented policy and apply the appropriate technical security and organisational measures to secure their cloud-based environments. If organisations do not implement such controls, they may increase their risk of a personal data breach.1
Organisations should apply such technical security and organisational security measures in a layered manner consisting of but not limited to:
A layered approach to cloud-based security mitigates the risk of a single security measure failing which may result in a personal data breach.
Many cloud-based providers, such as Microsoft’s Office 365 and Google’s G-suite provide advanced settings and solutions which can assist organisations to appropriately secure their use of cloud-based services. These providers, in most cases, also offer best practice guidance to assist organisations in securing their cloud-based environments.
Additional information, advice, and best practice regarding security of cloud-based environments is also provided by agencies such as the European Union Agency for Network and Information Security (“ENISA”) https://www.enisa.europa.eu/, and the US-based National Institute of Standards and Technology (“NIST”) https://www.nist.gov/topics/information-technology.
The following guidance illustrates five key ways organisations can secure their cloud-based environments to mitigate their risk of a personal data breach.
Clique aqui e leia o documento completo.