| Page Properties | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||
|
| Page Properties | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
|
Cloud services are not secure by default
The five core controls of Cyber Essentials will help protect your organisation’s data and services from the most common cyber attack approaches. This includes all the cloud services that your organisation uses. Why is this? Surely, Google, Microsoft, Amazon or whoever is the cloud service provider can take care of security? Many cloud providers do ensure the security controls are in place but the user often has to set up some of the controls themselves.
...
Small businesses that have not fully or correctly configured their cloud service accounts can be easy prey for attackers and this makes them high risk for contracts within supply chains.
Do your homework
When talking about security, cloud service providers often reference a 'shared responsibility model'. This means that for some security controls, it is the cloud provider that is responsible for implementation whereas for other features, it is the user organisation (you). Who implements which controls will vary depending on the design of the cloud service being subscribed to.
...
Understanding your security responsibility is essential to keeping your data safe in the cloud
Who implements which controls will vary
For Infrastructure as a Service, the user organisation is responsible for maintaining their operating system, data use and applications and are therefore in control of the implementation of all 5 Cyber Essentials controls.
...