Cloud computing involves the delivery of computing services such as data storage, infrastructure, and software services, over the internet.  

Some of the security risks that come with outsourcing a cloud service include:

  • The data is exposed to threats such as hackers, bugs, social engineers, viruses, misconfiguration, malicious insiders, and natural disasters which could lead to unavailability of services. A successful hack could expose all the organization’s information/ data stored in the cloud.
  • With few exceptions, the organization has no say in how public cloud applications are designed, managed, and secured
  • The organization has no control over the security of the data. It is upon the cloud service provider to ensure the security of the data.

It is important to consider several security aspects when selecting a cloud service provider:

  • The security and privacy controls they have put in place.
  • Their resilience and compliance with the law (the Data Protection Act).
  • The performance and capacity of the cloud service provider will also help ensure the availability of services, with minimal or no service downtime.

When using free cloud services, be careful not to store sensitive data and files in the cloud.

Where possible, use private cloud services that are designed, implemented, and secured for your own use. This gives you full control over all aspects of the cloud service.

Secure devices through which you access the cloud by use of firewalls, anti-viruses, and performing regular security patches.

Perform offline data backups of data stored in the cloud.

If using cloud services in your organization, including policies, procedures, and other controls to secure the data/ information stored in the cloud.