NPC Cloud Security Checklist


  1. Understand the terms of service of the provider. Is your data private? Can they mine it? Can anyone at any level of their organization access it? What level of security do they employ? Are they security certified? Is it their policy to immediately advise you if they have been hacked?

  2. Where will your data be stored? Do they replicate to multiple locations or jurisdictions? Be careful where your collaboration documents are stored. Prying foreign governments want your IP.

  3. Be sure you maintain your own backup of the data. If the service provider fails or has a technical issue, your data may go with it.

  4. Secure all your devices that access the cloud. Ensure they are up-to-date, fully patched, and employ strong anti-malware. Unsecured devices can be access points for bad guys into otherwise secure collaboration environments.

  5. Set out your use-case of the collaboration tool before you start. Ensure your provider has a robust permission and revision management feature set.

  6. Think about and manage user permissions carefully. Revisit them at least monthly, or when the users change.

  7. Investigate and consider your clients' and partners' requirements to secure the data you may be working on with them. Ensure your collaboration method and provider meet their required standards. Do they require the data they share with you to be in a security certified data centre (e.g. ISO 27001, SOC 2)?

  8. Coffee shop and unsecured home Wi-Fi are not recommended for collaboration sessions. Consider using a 3G/4G cellular connection, and ensure home Wi-Fi is secure.

  9. Look for a provider whose browser sessions to their service use “HTTPS”, to ensure your link to the provider is secure.

  10. Review the collaboration monitoring logs frequently. Watch for unauthorized access or permissions abuse.

  11. Have a business continuity plan if something happens to your provider or the data they store for you.
