An increasing number of businesses are adopting cloud applications and services and that means cyber criminals are targeting these services. Now, new advice has been issued to help firms secure their data and services as they move towards the cloud.
The updated guidance from the National Cyber Security Centre (NCSC) – the cybersecurity arm of GCHQ – looks to supply everyone from small businesses to large enterprises with tools to ensure that, whether they are current or prospective cloud-computing users, they have appropriate cybersecurity measures in place.
The guidance also emphasises the importance of proper due diligence when handling sensitive data to reduce the risk posed by breaches, leaks or the loss of devices that have access to sensitive data.
SEE: A winning strategy for cybersecurity (ZDNet special report)
While many organisations have shifted towards using a wider range of cloud-computing applications as part of the rise in remote working, this move has also left many businesses vulnerable to cyberattacks and data breaches.
Much of the new cloud security guidance is based upon NCSC’s newly published principles-based technology assurance approach. Some of the key advice includes highlighting how cloud applications can be secure by default, which includes enforcing the use of multi-factor authentication to help secure accounts, even if the usernames and passwords are leaked or stolen.
The advice also recommends that cloud vendors make it as easy as possible for customers to fulfil their security responsibilities, while also encouraging customers to delegate as much responsibility for security as is practical to their cloud providers.
Outsourcing the cybersecurity of cloud could be particularly useful for small and medium-sized businesses who might lack the resources or staff required to fully secure the network – at a time when cyber criminals are known to be targeting smaller businesses as part of supply chain attacks.
“The cloud plays an increasingly vital role in the functioning of online services across the UK, and this trend will continue into the future. Our refreshed Cloud Security Guidance has the philosophy of security-by-design at its heart, meaning that organisations can have confidence when choosing a provider,” said Paul Maddinson, director of national resilience and strategy at the NCSC.
“I’d strongly encourage network defenders at organisations of all sizes to make use of the actionable advice set out in our refreshed cloud security guidance,” he added.
The updated guidance from the NCSC comes after the cybersecurity agency announced that it has taken down almost three million scam websites used to conduct cyberattacks during the past year.