Engage with the Cloud

Published
September 01, 2021

Engage with the CloudThese can range from providing email platforms, file sharing facilities, video conferencing, to online collaboration tools. In most cases the Cloud Service Providers (CSPs) can secure the services being provided to the SME much more effectively and efficiently than the SME.

As mentioned earlier in the report SMEs should ensure they keep software installed on their computer systems patched and up to date. They also need to ensure their anti-virus solution is managed so that it is kept up data on all devices. Traditionally these two functions were often managed using servers and software installed on the SME’s own network. However, with many staff working remotely these solutions many not be as effective.

Moving to cloud based patch management and cloud based anti-virus platforms can provide the SME with the capability to ensure that their IT infrastructure is being managed and secured.

While offering many advantages, cloud based solutions do provide some unique risks which SMEs should consider before engaging with a CSP. ENISA have published a Cloud Security Guide for SMEs which SMEs should refer to when migrating to the cloud.

The following are some of the key items an SME should consider before engaging with a CSP;

  • Determine the physical location where the SME’s data will be stored. This is important to ensure the SME does not breach any laws or regulations by storing data, especially personal data, in CSPs located outside of the EU/EEA. For example, the EU GDPR requires that personal data of residents within the EU/EEA is not stored or transmitted outside of the EU/EEA unless under very specific conditions.
  • Implement Multifactor Authentication to ensure that cloud based accounts are at a lesser risk of being hijacked by criminals. Without MFA implemented on CSP based services the only protection for the accounts that access those CSP based services are the passwords people employ on their accounts. If those passwords are weak, have been reused from other websites, or the account holder falls victim to a phishing attack, then that could result in a security breach. MFA provides an additional layer of protection to help prevent this from happening.
  • Many cloud services are provided with built-in security features, however these are often turned off by default. SMEs should make sure they understand what the security features are in the service they are subscribing to and enable them. If the security features at the current plan the SME is using are not adequate the CSP may offer the required features at a different plan which the SME could subscribe to.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information