“The cloud” has become one of the most widely used buzzwords in the business and technology world. More than just a buzzword though, it is also one of the most widely used services across all industries.
Despite this, many people don’t even know what it is. In simple terms, cloud computing relates to storing data outside your computer or device, and performing tasks using software and applications not installed on your computer. Many people use cloud and don’t even realise it through everyday applications like Dropbox and Google Drive.
Are your cloud providers secure?
When it comes to information security, many companies make the mistake of not looking beyond their own organisations.
Recently, we commissioned a survey in association with TechPro magazine of 263 IT professionals in Irish businesses. It looked at various aspects of information security within organisations based in Ireland.
Nearly 40% of respondents said they did not conduct a full cybersecurity evaluation of all third party cloud providers working with their organisations. A further 23% weren’t sure if such evaluations took place.
It’s important to remember that no matter how secure your own organisation’s IT infrastructure is, the cloud vendors you work with are an important link in the chain. If they fall victim to cybercrime, this can have a direct negative impact on your organisation.
Our experience tells us that organisations do not adequately consider the security of their downstream supply chain, whether cloud or non-cloud. When it comes to providing an integrated security service for your company, it’s important to liaise with providers who can reduce the complexity and cost of dealing with multiple suppliers.
Protecting your organisation’s sensitive data
It’s important to consider what organisations in the supply chain have access to sensitive information and conduct a full assessment of any potential risk with third party providers.
Malicious hackers are taking advantage of this security blind spot and are actively targeting less secure, smaller third-party partners as an access point to larger organisations.
Important Questions to consider:
- Which providers have access to my organisation’s sensitive data?
- Does my organisation assess all third party providers before giving them access to sensitive information?
- Do you have non-disclosure agreements with third parties?
- Who in my organisation manages this process?
- Is their role clearly defined?
- If in doubt, ask a trusted security expert.