Cloud security” - information security awareness and training module for August

Thumbnail of one of this month's poster imagesBackground and scope New this month

Cloud computing is a hit - already popular and still growing.  In adopting commercial cloud services, particularly public SaaS (Software as a Service) provided over the Internet, we are implicitly handing over a substantial part of the control and security of our information to the C loud Service Providers.  In fact, we are literally passing them our valuable information.  If the CSPs turn out to be incapable or incompetent at securing our information, their incidents become our nightmares.

NoticeBored has covered cloud security a few times before.  This time around, we’ve put more emphasis on workers’ use of commercial cloud-based office packages such as G-suite and Office 365, and free public cloud services such as Dropbox and social media – apps that workers are probably using in their personal lives and maybe also at work … where the information risks and security implications are different. 

We’ve included a generic checklist with which to review, score and compare CSPs according to their information security status.  If you don’t already have a means of reviewing and approving or authorizing certain cloud services for business use (or prohibiting those that are unsuitable), the checklist might help as part of the process of gaining and maintaining control over cloud services and the information risks arising.

Learning objectives

August’s awareness and training module:

  • Introduces cloud security, providing general context and background information;
  • Elaborates on the information risks in the business context, particularly those associated with public cloud services such as G-suite, Office 365 and social networking;
  • Offers pragmatic guidance, tempering the advantages of cloud computing with the information risks;
  • Motivates people to think - and most of all act - more securely when considering, selecting and most of all using cloud services.  Are they appropriate and sufficiently secure for business purposes?  Are they approved or authorized?  Are there better alternatives?

Consider your learning objectives in relation to cloud security, including any related issues or concerns that are worth bringing up this month. 

Module 196

 

As well as customizing the NoticeBored materials to suit your awareness branding and objectives, feel free to blend-in additional content.  Use the materials in the company newsletters and magazines, your intranet Security Zone, in awareness events and training courses, and for new employee induction or orientation purposes.

Home > NB this month >

Copyright © 2019 IsecT Ltd.