Suggested Resolutions for Cloud Providers in 2014 #1: Reinforce that security is a shared responsibility

Happy 2014! The arrival of a new year is always a great time to reflect on where you’ve been over the past 12 months, and more importantly, where you are headed. I was recently asked to share some New Year’s Resolutions for cloud providers for an article in Security Week and I thought I’d expand a bit more on those and share them with you.

Let’s start with Suggested Resolution #1: Reinforce that security is a shared responsibility.

We know that shifting from on-premises services to the cloud can help improve security for customers. Transferring some security tasks and accountabilities to a qualified cloud provider can bring an organization benefits like more timely system updates and better management of spam email. Meeting compliance obligations can also be easier for businesses which shift to the cloud.

Yet even with all the advantages of dedicated security support that a cloud service can deliver, the job doesn’t stop there. Too often providers cite the benefits of cloud adoption while neglecting to mention the security obligations that their customers continue to share.

For example, cloud customers will still need to manage the security of their client devices – ensuring up-to-date antivirus software, and educating employees on the importance of using strong passwords.

Employees in particular play an important role in protecting your data and other assets. Knowing how to spot phishing scams, and other types of “social engineering” is imperative. Employees should be alert for, and avoid, bogus links in email and on suspicious web sites.

Criminals often use major events or disasters to swindle money via computers and devices. The World Cup in 2014 will likely drive a barrage of scams promising tickets or other items related to the event in Brazil this June and July. (See Item 3 on this list).

More and more people are also using their smartphones and other personal devices to access company data and systems remotely. To help your employees protect your data – as well as their own – Microsoft has published an “Internet Security at Work Toolkit”, with tips, fact sheets, videos and other information. Consider downloading and sharing those resources across your organization.

You can also find specific guidance on recognizing and avoiding scams that come through email or web sites.

In summary, it’s important to remember that organizations moving to the cloud are not devolving 100 percent of their accountability for security. The cloud can make a big difference, but everyone has a role to play.
I’ll be back again soon with more Suggested Resolutions for Cloud Providers in 2014. See you then.

About the Author
Adrienne Hall

General Manager, Trustworthy Computing

Adrienne Hall is a General Manager in the Microsoft Trustworthy Computing group, where she leads a team of information technology (IT) professionals who are focused on the security, privacy, reliability, and accessibility of devices and services built on Microsoft technology. Read more »