New Guidelines for Cloud Services and COVID-19 Telework

New Guidelines for Cloud Services and COVID-19 Telework

Photo Attribution: graphit/Shutterstock.com

The COVID-19 pandemic has exposed many gaps in the world's cloud infrastructure. However, countries have been rapidly mobilizing their resources to overcome these obstacles and address damages. Recently the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released new guidelines for industries employing cloud collaboration services for their COVID-19 telework. The surge in cyber attacks has undoubtedly been a cause for alarm.

Many employers have been forced to shift most of their onsite work to remote status in order to abide by the stringent lockdown laws due to the pandemic. CISA surveyed the customers who have migrated to cloud-based collaboration services to provide extensive guidelines. These recommendations focus upon five strategies.

Multi-factor Authentication

In August 2019, Microsoft © reported that multi-factor authentication blocks 99.9% of automated cyber attacks on its platforms. Therefore, it is no surprise that CISA also put emphasis on this tactic to reduce the success of cyber attacks. Enabling the multi-factor authentication system can be as simple as adding a phone number to receive an authentication code after a user already enters their password to sign in to any service.

Protect Administrator Account

Instead of allowing constant access to the main Administrator account, which by default has the highest privilege, create role-based administrator accounts with minimum permissions and one Global Administrator account that is rarely accessed. In this way, none of the specific role-based accounts have access to the overall system thereby reducing the opportunity to compromise the rest of the data if one account is hacked.

Unify Audit Logging

Cloud services can also generate activity logs. Users can enable these logs to constantly monitor for any suspicious activity.

Alerts

While watching for suspicious activity on daily or weekly logs is a great way to observe all activity on systems, many services have built-in security measures that can also be employed. These alerts can inform administrators if there has been a login from a suspicious location or for accounts that may be suspected to be sending phishing emails.

Cross-logging

Just checking logs within the organization's systems might not be enough to catch an overall discrepancy. CISA recommends that organizations should also share their logs with the cloud service platform's main log, such as Microsoft's © Security Information and Event Management (SIEM) tool. This method will assist in investigating any abnormality that multiple organizations may be experiencing and result in an understanding if there has been a breach of the platform, not just individual organizations.

As the world phases into a post-COVID reality, many people have become aware of the pitfalls in their systems and infrastructure. It is imperative that security guidelines provided by the government are followed to help create a safer virtual world.

Client Success

MetroHealth System Logo
  • 50% reduction in time to deploy Giva's change, incident, problem, asset management and knowledgebase modules
  • 60% reduction in the 5 year Total Cost of Ownership (TCO)
  • Saved at least 1 FTE due to lower ongoing administration
  • Saved 1 week per month due to easy to use reports
Athens Regional Health System Logo
  • Increased to 90% achievement in meeting service level agreements
  • 70% reduction in generating reports and admin; eliminated 35 hours/month
  • 50% faster to create/assign a service request
  • 60% increase in information captured during the initial phone call
  • 50% increase in the number of service requests created due to intuitive design
Santé Health Systems Logo
  • 80% increase in productivity by using Giva's dashboards and reports
  • 60% increase in meeting service level agreements
  • 45% increase in the number of the calls logged due to Giva's intuitiveness and ease of use
  • 50% increase in productivity by using Giva's integrated custom forms