Top 10 Best Practices for Cloud Security
5 out of 6 enterprises have implemented cloud based applications - the question is wither they have put in place the necessary security for the data and the application
Top 10 best practices for cloud Security - The cloud is great technology that helps organizations to improved productivity, reduce costs, and simplify the user's life. However it does raise significant security risks. Here are 10 best practices that if followed minimize those risks.
- Utilize a SDM (System Development Methodology) to design, test and implement changes in the both the source and object level code.
- Implement a disaster recovery and business continuity plan that includes a focus on security of the data and application assets that are cloud based.
- Implement metrics and cloud application monitoring which can help to detect potential security violations and breaches in the cloud based data and applications
- Utilize a secure access and change management system to manage revisions to the cloud application.
- Utilize a patch management approach to install revisions to the cloud data and application.
- Implement a log management system to have an accurate audit trail of what occurs on the cloud.
- Implement firm security policies via a formal security management system (see https://e-janco.com/security.htm and https://e-janco.com/cloud.htm).
- Review latest published cloud vulnerabilities and make appropriate changes to cloud applications and access rules
- Contract with independent 3rd parties to find security vulnerabilities in your cloud based applications
- At least annually, conduct a security compliance audit on the total cloud based application from development to user access.
Security - Privacy - Compliance Management Issues
When dealing with cloud data and/or data that is accessed via the Internet, the enterprise must be aware of all mandated requirements for the location of the users who's data this is, the location where the cloud processing occurs, and the the location of the facilities and individuals who access that data. Each location may have different compliance requirement.
This offering is significantly impacted by mandated security and privacy requirements like GDPR (General Data Protection Regulation) and the CCPA (California Privacy Act). As privacy requirements are added, we will update this offering and all supporting policies / templates to be in full compliance.