December 11, 2017
The Guidance outlines the risks of locally installed products interacting with cloud services, and provides suggestions to help organisations manage this risk.
The NCSC explains that organisations are increasingly deploying software to both servers and end user devices that make use of cloud services. This may be an explicitly stated feature of the product (such as cloud storage for data backup or synchronisation between devices), an implicit function (such as a line-of-business application reporting usage statistics to the developer), or an anti-malware product using a cloud service to analyse suspicious files. The NCSC says that it is easy to “overlook the nature of these cloud interactions, and the security implications”.
Accordingly, it has published Guidance to helps organisations to:
- understand how products interact with cloud services;
- understand the security implications for their systems; and
- decide on approaches to help manage the risks.
The NCSC has also included an example that demonstrates how organisations can apply the Guidance to a common product class (in this case, antivirus software). To access the Guidance, click here.