A study entitled, State of Cyber Security 2017, performed by ISACA (Information Systems Audit and Control Association), suggested that cyber security staff are becoming increasingly difficult to find in such a rapidly expanding and evolving field. The report was based on a survey of 633 cyber security specialists across North America and Europe, with 27% stating that they were unable to fill open cyber security positions in their businesses and another 14% unsure as to whether they would ever fill those positions...

HR Security Risk Prevention…

HR Security Risk Prevention…

With the rapid adoption of the Cloud by SMEs as well as large enterprises, it has become vital to review and update HR policies to mitigate information security threats that come with this paradigm shift. Cloud systems differ from traditional, in-house IT infrastructure in a way that businesses now have less control over their software while handing over most of the control to third party Cloud service providers. For example, it is hard to keep track of your employee’s browser history if he or she is connected to a virtualized environment inside the Cloud. Your business data is more vulnerable in the hands of an employee using Cloud since the chances of involuntary information spill are greater in Cloud environments.

For companies moving to the Cloud or those who have already made the transition, it is important that not only their CIOs sit sit down and review the IT staff policies to adequately cover the company against any risks of employee using company information for illegitimate purposes. CIOs may make the policies but when it comes to enforcing anything on employees, HR has to be involved so it’s better to involve them early on instead of handing them down a plethora of information security policy for theCloud.

To start with, companies should enforce technology based restriction on Cloud on what an employee can and cannot do vis-à-vis Cloud apps. Of course, you have to make sure that the Cloud solution provider conforms to your information security requirements on Cloud apps. For example, employees should not be allowed to send emails to their private accounts using Cloud without prior permission. HR staff also needs to include the Cloud related policy decisions in employee’s handbook.

For example:

  • Whether an employee can use public Cloud storage solutions like DropBox at work and more importantly, does the company allow information to be put into public Cloud storage services?
  • Can an employee use personal handheld devices like smartphone/tablet at/for work?
  • Can an employee be allowed to send emails to private accounts to facilitate his/her work outside the office environment? If so, should that email be CC’ed to some else as well?
  • Does the policy handbook covers in detail the use of internet, email and other IT transactions from work and can they be monitored?

HR policy should clearly mention what comes under the definition of ‘company information’ and ‘company property’. IT policy also needs to be updated periodically because with the plethora of new possibilities which the Cloud brings for businesses, it also leaves loopholes in company’s information security policy.

By Salam UI Haq

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.


Linux Distributor Red Hat Reports 20.6 Percent Rise In Revenue

By CloudBuzz | September 25, 2017

(Reuters) – Red Hat Inc (RHT.N) reported a 20.6 percent rise in quarterly revenue as the Linux operating system distributor benefited from higher demand for its products targeting hybrid cloud. Net income rose to $96.9 million, or 53 cents per…

Cloudflare Announces Unmetered Mitigation to Make Attacks a Thing of the Past

By CloudBuzz | September 25, 2017

Eliminates “surge pricing” that had been standard in the DDoS mitigation space SAN FRANCISCO, Sept. 25, 2017 (GLOBE NEWSWIRE) — Cloudflare, the leading Internet performance and security company, today announced Unmetered Mitigation, giving customers unlimited and unmetered distributed denial-of-service (DDoS) attack…

IDC – Cognitive and Artificial Intelligence Systems to Reach $57.6 Billion in 2021

By CloudBuzz | September 25, 2017

IDC Spending Guide Forecasts Worldwide Spending on Cognitive and Artificial Intelligence Systems to Reach $57.6 Billion in 2021 FRAMINGHAM, Mass., September 25, 2017 – Worldwide spending on cognitive and artificial intelligence (AI) systems is forecast to reach $57.6 billion in 2021,…

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit to Help Cybersecurity Pros Securely Harness Cloud Technologies

By CloudBuzz | September 22, 2017

(ISC)2 and Cloud Security Alliance Host Cloud Security Summit Research cites strengthening of cloud security skills top priority over next three years CLEARWATER, Fla. ,Sept. 22, 2017 /PRNewswire-USNewswire/ — (ISC)² today announced it’s partnering with the Cloud Security Alliance (CSA) for the CSA…

Exclusive: T-Mobile, Sprint close to agreeing deal terms – Sources

By CloudBuzz | September 22, 2017

(Reuters) – T-Mobile US Inc (TMUS.O) is close to agreeing tentative terms on a deal to merge with peer Sprint Corp (S.N), people familiar with the matter said, a major breakthrough in efforts to merge the third and fourth largest…

Hack of U.S. securities regulator rattles investors, stirs doubts

By CloudBuzz | September 21, 2017

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading. The incursion at the…