The 4 critical security questions for your managed service provider
Despite sharp upward trends in cyber attacks across all industries and business types, many organizations are still relying on their cloud services provider to secure their cloud app software—and often without knowing much about the specific security measures being provided.
Although an organization granting this level of blind trust is not automatically bad news (some service providers may do an adequate job with security), it creates many dangerous unknowns for organizations hoping to avoid expensive and potentially catastrophic data breaches—breaches that today come in many forms.
So, what should service providers include in their package of cloud app security services? Here are four key questions that organizations should be asking them.
1. Are they setting and enforcing strict data-sharing policies?
If you’ve adopted Microsoft 365 or Google Workspace, your managed service provider should be setting strict collaboration policies to prevent data from being inadvertently shared with outside third parties and/or the public at large. For instance, policies can trigger alerts when files are shared publicly, shared with certain internal groups, or when shared files have particularly sensitive extensions. Such policies not only help define how you want your users to share data in the cloud, but they can also detect risky behaviour, violations, or suspicious data points and activities.
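A sketch of how such collaboration policies can be evaluated, given as an added example that is not taken from this article or from any vendor's product. The event fields, rule names, domain and group values are assumptions made for illustration and do not reflect the Microsoft 365 or Google Workspace audit schemas.

```python
from pathlib import PurePosixPath

# Assumed policy values (hypothetical); replace with your organization's own.
SENSITIVE_EXTENSIONS = {".pem", ".kdbx", ".sql", ".pst"}
WATCHED_GROUPS = {"all-staff@example.com"}
INTERNAL_DOMAIN = "example.com"

def evaluate_share(event):
    """Return the policy alerts raised by one sharing event (hypothetical schema)."""
    alerts = []
    ext = PurePosixPath(event["file"].lower()).suffix
    visibility = event.get("visibility", "private")
    targets = [t.lower() for t in event.get("shared_with", [])]

    # Shared publicly or via an open link.
    if visibility in ("public", "anyone_with_link"):
        alerts.append("public-share")
    # Shared with an outside third party (recipient not in the internal domain).
    if any(not t.endswith("@" + INTERNAL_DOMAIN) for t in targets):
        alerts.append("external-share")
    # Shared with an internal group that the policy singles out.
    if WATCHED_GROUPS.intersection(targets):
        alerts.append("watched-group-share")
    # A sensitive extension only matters once the file leaves its owner.
    if ext in SENSITIVE_EXTENSIONS and (targets or visibility != "private"):
        alerts.append("sensitive-extension")
    return alerts

def triage(events):
    """Map file name -> alerts, keeping only events that violate a policy."""
    return {e["file"]: a for e in events if (a := evaluate_share(e))}

# Constructed sample events, not real audit data.
SAMPLE_EVENTS = [
    {"file": "roadmap.pptx", "shared_with": ["bob@example.com"]},
    {"file": "payroll.sql", "shared_with": ["all-staff@example.com"]},
    {"file": "brochure.pdf", "visibility": "anyone_with_link"},
    {"file": "Backup.KDBX", "shared_with": ["vendor@partner.example.net"]},
    {"file": "notes.pem"},  # sensitive extension, but never shared
]

if __name__ == "__main__":
    for name, alerts in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(alerts)}")
```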
2. Are they enabling automated measures as a secure foundation?
If your managed service provider is not installing automated security measures such as Least Privilege Access and Multi-Factor Authentication (MFA), even a lower-level user might flip the wrong switch and misconfigure an app, leaving your organization’s data accessible to virtually anyone with an Internet connection. It’s widely known in the industry that MFA is the single most important security setting for cloud app security. Recent Microsoft research showed that MFA alone can block 99% of security breaches, yet only 2% of users across organizations have it enabled.
3. Are they adequately protecting against Denial-of-Service attacks?
The current trend whereby remote workers use a wide range of devices to access cloud apps has increased the opportunity for cyber criminals to launch Distributed Denial-of-Service (DDoS) attacks. Here bad actors use multiple tools to flood the bandwidth or resources of a targeted system, rendering it inaccessible to users but not to hackers. DDoS perpetrators often target non-traditional infrastructure, exploit weak device credentials, and can now target an organization’s entire network, not just the corporate website.
4. Are they gathering threat intelligence to outsmart risk?
Threat intelligence is the analysis of data to generate informed ways to mitigate existing or emerging threats. Security professionals who gather effective threat intelligence can make faster, more informed decisions, shifting from a reactive to a proactive stance in the face of cyber-attacks and other risks. Some of the actionable outcomes of threat intelligence include: risk mitigation based on recognized chinks in the organizational armor; optimized security posture based on segmentation, user control, and access control; and smarter strategies based on a single view of all data consolidated across cloud apps.
Remove the uncertainty with your cloud app security
Reach out today to learn more about how you can attain a much more transparent, detailed, and proactive approach in a time when cloud app security can’t be left to chance.