Data and Backups
Many businesses do not thoroughly consider secure cloud2cloud backups when adopting a cloud-first workforce strategy. While you'd be right thinking that Microsoft keeps lots of backups for Office365 hosted infrastructure, your business data is not available for recovery using these backups if it's lost due to misconfiguration, mistaken deletion, or even a cloud-wide data durability issue.
Most cloud-enabled businesses wait for a data loss incident to occur before even considering backing their cloud data up somewhere reliable. Most business MSPs employ a layered approach to backing up business data in the cloud and allow users to perform their own recovery on their own files which can prevent a technical problem from turning into a business problem in the first place.
Cloud and Access
Establishing good access policies like requiring MFA when users are not at a named business location, or disallowing access to business data until a computer is updated, can protect your business data and users from various forms of targeted attack.
Likewise, establishing good administrative policy can reduce your attack surface for internal and external threats. Having a 24x7 MSP who can schedule account access creation or termination for secure employee on-boarding and off-boarding is critical to any cloud-enabled business.
Establishing a security baseline for your users and endpoints is critical to maintaining a secure cloud office. Spending some time to accurately classify your data and remote workforce rolls can help you structure your security controls to secure your most sensitive data and processes while keeping security convenient and practical. Your MSP should work with you to establish industry best practices and policies for all of your users and devices.
It's important to recognize that your cloud infrastructure provider (Microsoft for M365 or Google for G-apps) is an expert at delivering reliable "portfolios" of services to your business, but not necessarily securing all aspects of them.
Your security controls for your cloud and employee-facing systems should overlap in such a way that you no longer rely on a "perimeter" security model to protect your critical workforce. In this now-aging perimeter model, firewalls, VPNs, and access networks defined the "perimeter" in which safe computing could take place. To achieve optimal cloud-first adoptions, we need to secure individual endpoints and cloud services as thoughtfully as we did "perimeters" previously.
Your endpoints should have antivirus, anti-malware, host intrusion detection or prevention, threat hunting, vulnerability management, and security information management (of some kind). Your cloud should (at least) have conditional access policies, Administrative MFA policies, phishing protection, cloud2cloud archival backups, basic data classification, auditing, and alerting.
At the end of the day this is your businesses cloud-first initiative, and it's important that you understand the options and risks associated with them. Setting up and configuring these types of controls and redundancies can be overwhelming for even the most technically advanced businesses. In almost every case businesses save money and benefit most by simply licensing their cloud office through an MSP with a premium stack for protecting today's distributed Office365 / Microsoft365 workforce.
Is your business adopting a cloud-first workforce strategy? Schedule a free consultation with our skilled team today to make sure that your remote workforce bases are covered!