The adoption of cloud based solutions offer many advantages to businesses, such as cost savings, efficiencies and flexibility. Cloud based solutions can also improve data security as cloud providers will be tasked with monitoring the security of their solutions, updating software and improving security features as required.
However, adopting a cloud based solution will not automatically reduce an organisation’s exposure to cyber risks. Care must be taken before procuring a cloud based solution and any solution must be properly assessed from a security perspective.
The Australian Cyber Security Centre (ACSC) has released cloud security guidance material, including a cloud security assessment framework to assess cloud service providers and their cloud computing services. While Government entities must complete a cloud security assessment before it procures a cloud solution, the ACSC resources may be used by non-government organisations to assess their cloud solutions.
In a world where organisations are increasingly reliant on cloud based solutions and cyber threats continue to rise each year, it is prudent for all organisations to prioritise the assessment of a cloud solution’s security capability before procuring and implementing that solution. Without assessing and understanding the security risks of adopting a particular solution, it is difficult to properly implement controls to mitigate cyber risks and understand if a solution meets an organisation’s security requirements and risk tolerance.
Thus, the ACSC’s cloud security guidance is a useful resource and tool to enable organisations to assess the security of cloud based solutions.