Is your head in the clouds?
Hosting your data and applications in the cloud provides much greater protections, but requires additional considerations:
Test and re-test your cloud storage environment and configurations. Cloud providers are not responsible for how you connect to the cloud, and this is where the major vulnerabilities appear.
Develop a rigorous data management strategy to segment and encrypt sensitive data and Personally Identifiable Information (PII) in addition to general encryption of cloud environments.
Articulate your risk reduction strategy to senior management and build in periodic reviews for the cloud and cloud providers.
Limit your user access to the cloud, and only to absolutely necessary data.
Utilize continuous real-time monitoring to track activity on your organization’s cloud, including the information that is being accessed, and who is accessing.
See our Cyber Center for additional resources and links for cyber alerts, and contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks.