October is Cyber Security month. In what seems like a never-ending process, we continue to face new and advancing threats to the integrity of our data, identities, and businesses. For those of us with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.
To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs. From there, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.
A sound cloud security foundation is built on four cornerstones.
1 Basic C/I/A
Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.
This cornerstone establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems. It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.
2 External Threat Protection
Identify and protect against reasonably anticipated threats.
This cornerstone focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems, and people from harm.
3 Data Loss Protection
Identify and protect against reasonably anticipated uses and disclosures.
Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Solutions that set this cornerstone protect against these internal risks and threats.
Ensure workforce and business compliance.
Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements. This cornerstone encompasses the policies and procedures that ensure your team and your business meet your compliance requirements. It also includes the tools and methods to enforce policies and report on compliance.
To ensure your cornerstones are set and your security foundation is in place, conduct a security footprint assessment. For each cornerstone, identify the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:
- Protect / Prevent
- Respond / Recover