“Cloud security” - information security awareness and training module for August
Background and scope
Cloud computing is a hit - already popular and still growing. In adopting commercial
cloud services, particularly public SaaS (Software as a Service) provided over the Internet, we are implicitly handing over a substantial part of the control and security of our information to the C
loud Service Providers. In fact, we are literally passing them
our valuable information. If the CSPs turn out to be incapable or incompetent at securing our information, their incidents become our nightmares.
NoticeBored has covered cloud security a few times before. This time around, we’ve
put more emphasis on workers’ use of commercial cloud-based office packages such as G-suite and Office 365, and free public cloud services such as Dropbox and social
media – apps that workers are probably using in their personal lives and maybe also at work … where the information risks and security implications are different.
We’ve included a generic checklist with which to review, score and compare CSPs
according to their information security status. If you don’t already have a means of reviewing and approving or authorizing certain cloud services for business use (or
prohibiting those that are unsuitable), the checklist might help as part of the process of gaining and maintaining control over cloud services and the information risks arising.
August’s awareness and training module:
Introduces cloud security, providing general context and background information;
Elaborates on the information risks in the business context, particularly those
associated with public cloud services such as G-suite, Office 365 and social networking;
Offers pragmatic guidance, tempering the advantages of cloud computing with the information risks;
Motivates people to think - and most of all act - more securely when considering, selecting and most of all using cloud services. Are they
appropriate and sufficiently secure for business purposes? Are they approved or authorized? Are there better alternatives?
Consider your learning objectives in relation to cloud security, including any related issues or concerns that are worth bringing up this month.
As well as customizing the NoticeBored materials to suit your awareness branding and objectives, feel free to blend-in additional content. Use the
materials in the company newsletters and magazines, your intranet Security Zone, in awareness events and training courses, and for new employee induction or orientation purposes.