The SANS Ouch! newsletter has always been one of my favorite sources of security awareness content. Whether you simply need a reminder of good sound security practices or you are brand new to a topic, the guest writers always seem to do a great job of presenting timely content in an approachable format.
This month is no different. Understanding the Cloud and how to best approach selection and use of a service is both topical and important. I would certainly echo the advice presented in this article. I would particularly dwell on the recommendation to utilize some form of two-step or multi-factor authentication for any service chosen if available. I would take the added step of recommending you not choose a service if MFA was not an option.
Enjoy the read!
The thread responses in this post from Bruce Schneier are almost as entertaining as the linked content from the Washington Post. If you ever doubted that the cloud movement was unstoppable, it is time to reconsider.
On a lighter note, the arguments many will have with HIPAA and PCI consultants over cloud storage of sensitive data should get more entertaining. “But Uncle Sam gets to do it…why can’t I?”
Brian Krebs has authored a very interesting article on ransomware from the perspective of network shares and cloud storage. He also includes some great advice on toos to combat ransomware without having to pay up any bitcoins. The article is definitely worth a read.
This is an interesting conversation concerning cloud security in light of the cyber security challenges facing US and international corporations. I am particularly intrigued by the discussion around shadow IT and its risks to cyber security.
This is a very high level overview article, but the 3 practices are still key. I would focus on data governance as a control/practice that truly leads to better cloud security.
Kudos to everyone who can take advantage of this deal. I am a huge fan of free disk. That said, more and more of our lives are ending up in the cloud. Are you considering how you keep that data safe? do you trust the provider or do you take the reins or do you do a little of both?