About Partners Contact Client Portal
LinkedIn Twitter
Services Industries Insights & Events Careers & Culture
Insights & Events

Services

RubinBrown specializes in providing a comprehensive range of services to meet business and personal needs. Whether you require expert tax, strategic business consulting, audit services or more, RubinBrown's team of experienced professionals are here to support you.

View All Our Services
Assurance Services
Benefit Plan Audit Services Public Company Services SOC Examinations, IT Audit, & Third-Party Risk
Consulting Services
AI & Data Services Business Process Improvement Services Business Restructuring & Bankruptcy Services Cyber Security Services Environmental, Social and Governance Services Independent ERP Selection Consultants Fraud & Forensics Healthcare Consulting Services SOC Examinations, IT Audit, & Third-Party Risk Information Technology Services Litigation Services Mergers & Acquisitions Services Risk & Internal Audit Services Valuation Services
Entrepreneurial Services
Outsourced Accounting & Advisory Services
Tax Services
Federal Tax Services Private Client Services Credits & Incentives Services State & Local Tax Services
Wealth Management Services by RubinBrown Advisors RubinBrown Corporate Finance

Industries

At RubinBrown, we bring experience across a range of industries. Our experience enables our professionals to offer tailored solutions catering to the intricacies of each sector. Our professionals have years of focused engagement and skills, allowing them to navigate industry-specific challenges to benefit our clients.

View All Our Industries
Colleges & Universities Construction Financial Institutions Gaming Healthcare Law Firms Life Sciences & Technology Manufacturing & Distribution Not-For-Profit Private Equity Public Sector Real Estate Transportation & Dealerships

Careers & Culture

At RubinBrown, we are inspired team members, working as one firm, living our core values, and Being Our Best for Others while delivering totally satisfied clients. We invite you to learn more about the Firm's culture, the Be Your Best for Others mentality, and explore the available opportunities at RubinBrown.

Discover Our Culture
Baker Tilly International Campus Recruiting Diversity & Inclusion Experienced Recruiting RubinBrown Charitable Foundation Join The Team
Back to Insights

COVID-19: Cloud Security Health Check

Contact Us

COVID-19: Cloud Security Health Check

Contact Us

The COVID-19 pandemic has forced many organizations to rapidly adopt cloud solutions for email, office applications, collaboration and conferencing. The solutions are generally having a positive impact on productivity, keeping team members connected, and making the best of the work from home change. On the other side of the security equation are cyber criminals dramatically increasing their attacks looking for poorly configured solutions, access to credentials, and anything they can use to defraud organizations with inadequate security.

The Cybersecurity & Infrastructure Security Agency recently issued Alert (AA20-120A) Microsoft Office 365 Security Recommendations. The Alert provides guidance specific to Office 365 cloud security configuration and settings based on the trends identified through threat monitoring. Alert (AA20-120A) is a good reminder to take a breath, step back, and perform a cloud security health check on each of your cloud solutions, especially if your organization deployed the solution since the beginning of the pandemic. The concepts detailed in the alert can be applied to any cloud solution in use. Step through the following for your cloud solution(s) and make sure you understand your responsibilities, what you control, what the cloud provider controls, and most importantly how the cloud solution is secured:

  • Authentication: Use multi-factor authentication (MFA) on every application possible. As time allows, integrate solutions with your Active Directory or single-sign-on solution, but always use MFA when it is available (and it should be widely available).
  • User Management: Most cloud solutions rely on you to add, remove, and modify users. It is up to you to ensure you manage users, assign permissions, and review the users periodically.
  • Least Privilege: Give users the permissions they need to perform their duties, but resist the temptation to give everyone the same access.  You do not need a multi-level matrix, but you should limit administrator privileges and any privileges that could let a user change data, logs, or access permissions.
  • Encryption: Make sure your cloud provider is using up to date encryption. An easy way to check is connect with multiple browsers and make sure you are not getting any warnings or errors due to the encryption level, or the certificate.
  • Logs and Audit Trails: Every cloud solution logs information. You need to ensure that logs are available to review user logins and login failures-especially administrator logins. Ideally, you should review the logs periodically. Realistically, you need to make sure you know how to access them and where to look to find what events are logged.
  • Alerts: If the cloud solution offers alerts, decide if they are meaningful and useful to you, and implement them as appropriate. Alerts (such as logins from a new location) can be very useful as an early indicator of account compromise.
  • Diligence: Cloud solution providers will often have a SOC 2 Type II audit report that you can review for security control information. Ask every cloud solution provider with your mission critical or sensitive data for their SOC 2 report. Review the SOC 2 report to see if the security controls they have in place address your requirements (which include the security settings above) and if any deficiencies were noted in the audit. Once you have that information you can decide if the cloud solution provider is addressing your requirements, or if you need to start looking for another provider.

Advanced techniques, configuration reviews, and detailed testing can be performed, but the items above are basic checks you can perform quickly. The critical thing is to invest the time and make sure you understand your cloud solution(s) and how they are secured.

As always, if you need information or assistance with cyber security, please feel free to contact our RubinBrown Cyber Security team at any time.

Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.

       

 

 


 

Published: 05/07/2020

Readers should not act upon information presented without individual professional consultation.

Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.

 

Contact Us:

Be Your Best for Others at RubinBrown

At RubinBrown, our firm fosters a culture built upon five vision points, and are guided by our philosophy of Being Our Best for Others. Discover how you can be your best at RubinBrown today by visiting our Careers & Culture Overview for available opportunities and more.

Discover Our Culture

Join Our Mailing List

RubinBrown periodically sends breaking regulatory updates, technical summaries, industry-specific information and event (in-person and virtual) invitations through electronic newsletters.

Sign Up for Our Communications
1-800-678-3134 Certified Public Accountants & Business Consultants

Ranked a Top 50 Accounting Firm by Inside Public Accounting

Firm News Disclaimers Privacy Policy Client Payment © 2026 RubinBrown LLP
RubinBrown Executive Recruiting RubinBrown Advisors RubinBrown Corporate Finance