Security and Privacy Controls for the Cloud

In February, Lisa McKee, founding partner, American Security, Dakota State University, Omaha, Nebraska, spent time with the chapter discussing the importance of cloud security. McKee pointed out a number of cloud threats, and companies need to do a better job of protecting themselves and their employees. She relayed that 39% of businesses had experienced a cloud breach in their cloud environment in 2023. She cited the Verizon Data Breach Investigations Report of 2023, which indicates the human element is involved in every three out of four incidents. McKee emphasized that cyber threats don’t change. With the continued use of the cloud, threats only become greater. She touched on the OSINT Framework, which gathers free tools and makes them readily available. She also talked about compliance: it’s one of the hardest jobs out there based on the breadth of knowledge necessary for the position. McKee discussed Core Privacy Rights, where companies need the customer’s consent to collect and process their personal data. McKee also discussed global privacy laws and the need to pass privacy laws that are flexible, allowing for unforeseen advancements in technology. McKee commented on the importance of contracts; it’s important to get it in writing to make it stick. She touched on a number of other topics like architectural design, cloud vendor management and the importance of locality, and whether companies own their own equipment or use a multi-tenanted hosting provider. McKee concluded by emphasizing the key to maintaining solid security and privacy controls for the cloud is having a solid action plan.