We are InfoSec: Information Security Department at KAUST IT.
Our goal for September: To increase your awareness on how to use the Cloud Services more securely.
KAUST is Cloud enabled and it allows us to stored data at a logical place on the Internet called ‘The Cloud’. Cloud Services are important to KAUST as they increase productivity, ease of use and enable collaboration.
Cloud computing is when an outside service provider is used to do a variety of tasks like store, manage, and process our data. There are many different examples of Cloud computing such as Google Drive, Dropbox, Apple’s iCloud, etc.
Like any Information System, certain risks can occur with Cloud Services. Always use KAUST approved Cloud Services only. To decrease such risks, please ensure that you are following the steps listed out below:
Permission:
- Before using Cloud technologies, be sure that you have obtained the proper permission to access the Cloud Server or Data and are only using Cloud Providers that are Approved by KAUST InfoSec.
- Never sign-up for any new cloud services without obtaining the proper permission from KAUST InfoSec for KAUST official business.
- Make sure you understand all of the KAUST Data Policy pertaining to the types of data that can and cannot be stored in the Cloud and always be mindful while sharing the data.
- When sharing a document, make sure that you are giving the right privileges by either assigning them read only, write or comments only permission. Another important reminder is revoking the permissions when the document is no longer needed to be shared.
Personal Cloud Services Accounts:
Making sure, we DO NOT store any work-related documents in your personal Cloud Service accounts. Plus, we make a habit of using our personal computer to access our personal Cloud Services accounts. (i.e. Personal Google Drive, Personal OneDrive etc.)
Configuration and Administration:
Always review the default configurations of your Cloud Service. Data stored in the Cloud may be accessible by anyone by default and proper configurations settings are required to make sure right privileges are set for data.
Password:
We all have multiple Cloud Services accounts, please make sure each password is unique and different from other Cloud service accounts. This minimizes the risk if one account gets compromised and attacker won’t have access to the other accounts.
Tip: Use Passphrase, they are more stronger.
Human Firewall:
Now is the time to be a Human Firewall. Security is everyone’s responsibility. InfoSec cannot protect KAUST by itself. We need You!
If you haven’t already done so before, you can log in to https://humanfirewall.kaust.edu.sa and learn more by going through our eLearning courses.
Tip: Remember, if you are not sure always ask us askinfosec@kaust.edu.sa.
In addition, become a super hero by attending our monthly security awareness sessions to learn the latest tricks cyber attackers are using and how you can spot and defend against them.
The lessons you will learn will help to protect you, whether at work or at home. We want you to be a Human Firewall, and your mission starts now.
Don’t forget to sign up for our InfoSec Lunch and Learn on Wednesday, October 23 from 12:00 p.m. to 2:00 p.m.
KAUST IT
We make IT happen!