  • Stuart Alexander

Critical security questions for your IT Solution Provider when it comes to Cloud Management

Updated: Dec 28, 2022

Despite sharp upward trends in cyber attacks across all industries and business types, many organizations are still relying on their cloud service provider to secure their cloud app software—and often without knowing much about the specific security measures being provided.

While Software as a Service (SaaS) is by no means new, almost all businesses have now adopted it to take over from legacy systems. Neither IT service providers nor in-house IT can hide from this elephant in the room any longer. Microsoft 365 and other common SaaS products do not come securely configured out of the box; IT administration is required to configure these services correctly.

So what should service providers include in their package of cloud app security services? Here are three key questions that organizations should be asking them.

Are they setting and enforcing strict data sharing policies?

If you’ve adopted Microsoft 365, your IT department should be setting strict collaboration policies to prevent data being inadvertently shared with outside third parties and/or the public at large. For instance, policies can trigger alerts when files are shared publicly, shared with certain internal groups, or when shared files have particularly sensitive extensions. Such policies not only help define how you want your users to share data in the cloud, but they can also detect risky behavior, violations, or suspicious data points and activities.

Are they enabling automated measures as a security foundation?

If your managed service provider is not installing automated security measures such as Least Privilege Access and Multi-Factor Authentication (MFA), even a lower-level user might flip the wrong switch and misconfigure an app, leaving your organization’s data accessible to virtually anyone with an Internet connection. It's widely known in the industry that MFA is the single most important security setting for cloud app security. Recent Microsoft research showed how MFA alone can block 99.9% of security breaches, yet only 11% of organizations have implemented it.

Are they gathering threat intelligence to outsmart risk?

Threat intelligence is the analysis of data to generate informed ways to mitigate existing or emerging threats. Security professionals who gather effective threat intelligence can make faster, more informed decisions, shifting from a reactive to a proactive stance in the face of cyber attacks and other risks.
Some of the actionable outcomes of threat intelligence include: risk mitigation based on recognized chinks in the organizational armor; optimized security posture based on segmentation, user control, and access control; and smarter strategies based on a single view of all data consolidated across cloud apps.
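
The alert triggers described under the data-sharing question above (files shared publicly or with outside parties, shared with certain internal groups, or carrying sensitive extensions) can be expressed as a small rule evaluator. This is an added example, not code from the article or from Microsoft 365; the event record shape, extension list, group names and domain are assumptions made up for illustration.

```python
import os
from collections import namedtuple

# Assumed policy values, chosen for this example (not taken from the article).
SENSITIVE_EXTENSIONS = {".pst", ".kdbx", ".pem", ".bak"}
WATCHED_GROUPS = {"all-staff", "contractors"}
INTERNAL_DOMAIN = "example.com"

# Hypothetical record shape, not a Microsoft 365 log schema.
# scope is "anonymous_link", "user" or "group"; target is an address or group name.
ShareEvent = namedtuple("ShareEvent", "actor file_name scope target")

def evaluate(event):
    """Return (alerts, severity) for one sharing event."""
    alerts = []
    target = event.target.strip().lower()
    if event.scope == "anonymous_link":
        alerts.append("public_share")
    elif event.scope == "user" and not target.endswith("@" + INTERNAL_DOMAIN):
        alerts.append("external_share")
    elif event.scope == "group" and target in WATCHED_GROUPS:
        alerts.append("watched_group_share")
    # Compare the final extension case-insensitively, ignoring stray whitespace.
    ext = os.path.splitext(event.file_name.strip().lower())[1]
    if ext in SENSITIVE_EXTENSIONS:
        alerts.append("sensitive_extension")
    # A sensitive file leaving the organization outranks either signal alone.
    leaves_org = bool({"public_share", "external_share"} & set(alerts))
    if leaves_org and "sensitive_extension" in alerts:
        return alerts, "high"
    return alerts, ("medium" if alerts else "none")

# Constructed sample events.
SAMPLE_EVENTS = [
    ShareEvent("amy@example.com", "Q3-plan.docx", "user", "bob@example.com"),
    ShareEvent("amy@example.com", "mailbox-export.PST", "anonymous_link", ""),
    ShareEvent("raj@example.com", "payroll.xlsx", "group", "All-Staff"),
    ShareEvent("raj@example.com", "vpn-key.pem ", "user", "helper@partner.example"),
    ShareEvent("lee@example.com", "notes.txt", "user", "x@example.com.lookalike.example"),
]

def triage(events):
    """Return (file name, alerts, severity) for events that raised an alert."""
    verdicts = ((e, evaluate(e)) for e in events)
    return [(e.file_name.strip(), a, s) for e, (a, s) in verdicts if a]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

The last sample event shows why the recipient check matches on the full `@domain` suffix: an address that merely contains the internal domain name is still treated as external.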

Three common misconfigurations to complement three questions.

Three things we often see in cloud environments during an initial audit that raise serious alarm:

• Misconfigured and improper use of Administration accounts.

• No longer used partner APIs that still have administration access.

• Improper configuration or lack of Strong Authentication requirements.

The three points above are not only among the most commonplace, they are also the most critical to resolve immediately! They are very easy to fix, and fixing them will push your Cloud Security to a much higher level. Failure to resolve these issues provides easy access for bad actors, and more than likely your cyber insurance will not cover the incident.

Remove the uncertainty with your cloud app security.

Asking your IT department these questions is a good start, but just as anyone can tell their insurance provider that they have enabled MFA when they have not, your IT department can be dishonest about these questions. An external audit of your cloud services is the best answer to this, as it will provide facts with agnostic intent. If you use Microsoft 365, we can provide an external audit for you.
