Security in the Cloud stage 1 - Cyber Essentials Plus

1 minute read

Cloud computing brings many advantages to business. It enables the use of Infrastructure, Platform and Software using the aaS “as a Service” model so the overall cost of ownership is greatly reduced. Paying often just a monthly fee the customer is not paying for hardware up front and then waiting for everything to get set up and installed while that hardware loses its value. Instead, rather like switching on a service like cable, satellite or telephone, when cloud computing is set up, all resources are available straight away: the company can benefit from having all its desired users sharing storage, backup, compute (CPU and memory) and software services such as email and social computing right away.

It also brings security advantages in that, depending on the level of service agreed, it is the cloud provider’s responsibility to ensure all the latest security patches are applied to the operating systems and supported software services. It also has the security advantage that the default level of perimeter security, defending against unauthorized access to business data, will be better than most companies are currently doing. So, that’s better than most while lowering the TCO and without hiring a bunch of IT security consultants. Sounds good.

If you make the call to trust the security measures of your cloud provider, and that could be questionable logic given that you selected them on cheapest price, but even you’re right, that is only trusting one part of the perimeter. Your workforce represents many more devices and access points across which figuratively speaking, the worms can get in. Penetration testing and the additional checks carried out as you go through Cyber Essentials plus will ensure you have a satisfactorily secure environment at that point. This is something the e2e-group have gone through recently and found it to be an invigorating experience even as a security company, having as we do a mobile workforce. We strongly recommend doing likewise. A list of qualified Cyber Essentials Plus testers is available here.