03331 50 60 70
Need Remote Assistance?

6 Security weak points to check when you move to the Cloud

Trust in the Cloud – Part 3

Trust in the Cloud – Part 3

6 Security weak points to check when you move to the Cloud

When your infrastructure is totally on-premise, protected by a firewall, and largely accessible only locally, you know where your weak points are and what limitations you have.

Once you start to move things out into the Cloud here are 6 (there are others) weak points to check:

1. Email over Office 365

You can pick up email anywhere in the world, so have you turned on Two Factor Authentication (something you know – password and something you have – mobile phone)

2. Cloud Backups

The magic security phrase is “encrypted in transit and at rest”. No one can make sense of your data as it leaves your building, or while it’s stored on the backup server unless they have the encryption key to unlock it.

3. Secure Portals

Again, “encrypted in transit and at rest” – if you ship sensitive documents out for clients to access from the cloud, you need to be sure random people can’t get access to them.

4. Password standards

The current acceptable minimum for a password seems to be 8 characters long with uppercase, lowercase, numbers and special symbols. P@ssw0rd meets those standards. You can (should!) enforce higher standards than this.

5. Password sharing

Never share passwords between cloud services, if one service is hacked, the rest soon will be.

6. Connections to Cloud services

At a minimum these need to be over HTTPS (that green padlock in a browser means an encrypted connection), but you may want to get your Cloud provider to tighten them further (assuming they can).

For sensitive services, you can ask for a VPN (Virtual Private Network) connection or tie your connections to a few locations somehow.

That’s just the front-end, the shop window.

Other points to consider:How has your Cloud provider done their back-end work?What about the glue between various bits of Cloud infrastructure?The Independent has this article about how Whatsapp’s free backup mechanisms aren’t totally encrypted, despite Whatsapp messages being end to end encryptedEvery month, some Cloud provider gets busted for leaving a database unsecured – in August 2018 it was ABBYY document scanning

You have limited control of any Cloud service, but under the GDPR, you have a fair degree of responsibility. Make sure you understand the published information about any service you use.

Have a question about Cloud security? Get in touch. You can call us on 03331 50 60 70 or email us.

Trust in the Cloud – Part 1 – It’s perfectly safe! It’s all in the Cloud!

Trust in the Cloud – Part 2 – What you need to know about Local and Cloud backup

rust in the Cloud – Part 4 – When it’s business critical how reliable is the Cloud

Latest Insights from the Blog

Have a question? Give us a call.

Don’t let an IT problem slow you down. One of our friendly and helpful nTrust engineers is waiting to answer your question.

03331 50 60 70

Supporting you to the
nth degree

Contact us today.

Contact us today and receive a reply back within 24 hours

IT Support

Cyber Security

Cloud

IT Consultancy Services

Linkedin
ntrust credentials

Navigation

© nTrust Systems Limited 2023 | Registered in England and Wales: 4397784 | VAT Reg No: 821 6581 34

GDPR | Privacy Policy

Quick Contact

For us, nothing is too much trouble. So please do get in touch.

03331 50 60 70
support@ntrustsystems.co.uk



    More Contact Details
    cyber security

    How Cyber Secure
    is your Business?

    Take our short quiz to find out