19/12/2017
Managing risks that can arise from cloud-based software services (UK)
With ever-increasing numbers of server and end-user devices making use of cloud services and widespread speculation about foreign powers in cyberspace seeking to compromise security of the UK supply chain, the National Cyber Security Centre (part of GCHQ) has produced new guidance to help organisations identify – and manage – the risks.
‘Managing the risk of cloud-enabled products’ recognises that the security implications of cloud services are easy to overlook, whether their use is an explicitly-stated feature of a product (eg for data back-up), an implicit function (eg an application reporting usage statistics to the developer) or the analysis of suspicious files by an anti-malware product.
Three core sections explain:
1) How to understand how a product interacts with cloud services, which means users finding out
- what information it collects from their system on a regular basis
- what information it is capable of collecting
- what changes it can make to their system if commanded by the cloud service
- what controls they have over it doing these things
2) How to assess whether the security implications for their systems are significant by considering
- where the product is used
- what has been discovered about its capabilities
- what this means for security of information
3) Managing the risks of cloud interactions by
- using built-in controls to manage data flows and remote access
- using network-level controls to manage data flows with services
- using network monitoring to maintain awareness
- considering contractual controls
- enabling automatic updates
- considering data sharing mechanisms
- reviewing service periodically
The guidance concludes with an example demonstrating how it can be applied to antivirus software.
A blog post published by Ian Levy, Technical Director of NCSC, on the same day as the guidance suggests that for most people and enterprises, the biggest risks usually come from much more mundane sources than spies in cyberspace or rampant hackers.
‘Managing supply chain risk in cloud-enabled products’ carries the timely reminder that the real dangers remain
- not keeping software up-to-date
- poor network configuration management
- poor credential management
The Credit Protection Association is a credit management company established in 1914. If you supply goods or services on credit then we can help you!