Versions Compared

Version Old Version 4 New Version 5
Changes made by

Jane Waterfall

Jane Waterfall

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Date created:

Date approved:

Date published:

What is meant by

...

cloud services?

Different components of computing are available to users remotely over the internet and payable on demand or by subscription. Cloud services is the collective name for these externally manged services. Examples are: Microsoft 365, Dropbox, Googledrive, AWS and Citrix Workspace.

...

When talking about security, cloud service providers often reference a 'shared responsibility model'. This means that for some security controls, it is the cloud provider that is responsible for implementation, whereas for other features, it is the user organisation. Who implements which controls will vary depending on the design of the cloud service being subscribed to. In the Cyber Essentials requirements, it specifies that where the cloud provider implements a control, it is your responsibility to satisfy yourself that this has been done to the required standard.

...

According to research by Microsoft, there are over 300 million fraudulent sign-in attempts to their cloud services every day.  Most data breaches involve weak, default or stolen passwords which highlights the requirement for comprehensive password policy and strong authentication. It is estimated that 99.9% of attacks can be blocked with Multimulti-Factor Authentication factor authentication (MFA).

Another threat to data stored with cloud services is from the unintentional mistakes or malicious intent from employees, also known as the ‘insider threat’. A rogue employee can use their knowledge and access to company information to steal data or commit fraud.

...