Innovation brings risk. How do you protect data in the Cloud?
Welcome to this week’s Security Spotlight, where we shine a light on:
Cloud computing offers organisations easy-to-scale services, extended IT capabilities and access to innovations.
But innovation brings risk.
If you can access data in the Cloud from anywhere, how will you secure it?
New blog | How to Meet the NCSC’s 14 Cloud Security Principles
The NCSC established 14 Cloud security principles, including:
1. Identity and authentication
2. Data in transit protection
3. Supply chain security
These principles guide your due diligence checks when vetting your provider.
This blog explains all 14 principles, and how you can meet or check for them.
Blog | Security Risks of Outsourcing to the Cloud: Who’s Responsible?
This blog explains:
Blog | 3 ISO 27001:2022 Controls That Help Secure Your Cloud Services
When looking for specific controls to secure the Cloud, ISO 27001 can help.
This blog details 3 controls to get you started:
1. Contractual assurance – how to do your due diligence
2. A policy for use of Cloud services
3. Access control
Blog | What Are ISO 27017 and ISO 27018, and What Are Their Controls?
You can extend your ISMS with codes of practice ISO 27017 and ISO 27018 to cover specific aspects of Cloud security:
This blog explains ISO 27017 and ISO 27018, and their controls.
Q&A | GDPR Article 28 Contracts: What You Need to Know
Whether in the Cloud or not, when you outsource personal data processing, check your contracts are GDPR compliant.
This doesn’t just avoid GDPR fines.
It avoids operational disruption and liability for something that was your supplier’s fault.
Data privacy trainer and DPO Andrew Snow explains.
Free report | GDPR Benchmark Report 2024
The GDPR Benchmark Report 2024 is out!
This report, by our sister company DQM GRC, covers 4 years of gap analysis results, taken from organisations across a wide range of industries and sizes.
Find out how your organisation measures up when it comes to GDPR compliance. And get our top tips for overcoming your compliance challenges.
Free webinar | Cyber Essentials vs ISO 27001: Which cyber security framework is right for you?
Tuesday, 12 November 2024, 3:00 – 4:00 pm (GMT)
Choosing the right cyber security framework can be daunting.
This webinar breaks down the key differences between Cyber Essentials and ISO 27001.
Our experts Ashley Brett and Andrew Pattison will:
Whether you’re a small business looking to strengthen your security or a larger organisation considering ISO 27001, this session will provide the clarity you need to make an informed decision.
We previously interviewed Ashley about the key differences between Cyber Essentials and ISO 27001.
Free webinar | Using ISO/IEC 27018 as the Key to Data Privacy in the Cloud
Wednesday, 20 November 2024, 3:00 – 4:00 pm (GMT)
Get an overview of ISO 27018 in this free webinar, delivered by Alice Turley and Andrew Johnston:
Whether you’re a DPO, GDPR professional or information security manager, you’ll gain a comprehensive understanding of ISO 27018 and its critical role in ensuring data privacy in the Cloud.
Speak to an information security expert
With 20+ years’ experience in information security, we understand risk management.
Our experts have implemented information security programmes for hundreds of organisations across a multitude of industries in both the private and public sectors.
New to the world of information security and need advice on how to get started?
Or updating an existing information security programme?
Our experts are here to help.