Understand the shared responsibility model, cloud misconfigurations, and how to secure cloud accounts and data.
Cloud Security Fundamentals
Cloud services like Microsoft 365, AWS, and Google Workspace have transformed how organisations store and process data. But moving to the cloud does not eliminate security responsibility — it redistributes it.
The Shared Responsibility Model
⛔ Important
A common misconception: “Microsoft/Google is responsible for my data in the cloud.” The provider secures the infrastructure — but you are always responsible for your own data, who has access to it, and how it is configured. Misconfigured cloud storage has caused some of the largest data breaches in history.
Principle of Least Privilege in the Cloud
Every user, application, and service account should have only the minimum permissions needed for their specific task. In cloud environments, over-permissioning is the most common security mistake:
- An employee doesn’t need Global Administrator rights to use Microsoft 365
- A storage bucket containing backups doesn’t need to be publicly accessible
- A service account running scheduled jobs doesn’t need write access to the entire database
✓ Key Point
In Microsoft 365, regularly review who has Global Administrator and Exchange Administrator roles. These accounts are high-value targets. Apply MFA to all administrator accounts and use Privileged Identity Management (PIM) to activate admin rights only when needed.
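As an added example (not part of the original page), the review described above can be scripted against an export of role assignments. The record fields, the sample accounts, and the 90-day staleness threshold are assumptions made for this illustration, not a Microsoft 365 export format.

```python
from datetime import date

# Constructed sample data. The field names are an assumed schema for this
# example, not the format of any real Microsoft 365 export.
ASSIGNMENTS = [
    {"user": "alice@example.com", "role": "Global Administrator",
     "mfa": True, "assignment": "eligible", "last_sign_in": "2024-05-28"},
    {"user": "bob@example.com", "role": "Global Administrator",
     "mfa": False, "assignment": "permanent", "last_sign_in": "2024-05-30"},
    {"user": "carol@example.com", "role": "Exchange Administrator",
     "mfa": True, "assignment": "permanent", "last_sign_in": "2024-01-10"},
    {"user": "dave@example.com", "role": "User",
     "mfa": False, "assignment": "permanent", "last_sign_in": "2024-05-31"},
]

# The two roles the page singles out as high-value targets.
HIGH_VALUE_ROLES = {"Global Administrator", "Exchange Administrator"}
STALE_AFTER_DAYS = 90  # assumed review threshold


def review_admins(assignments, today):
    """Return {user: [findings]} for accounts holding high-value roles."""
    findings = {}
    for a in assignments:
        if a["role"] not in HIGH_VALUE_ROLES:
            continue  # ordinary users are out of scope for this review
        issues = []
        if not a["mfa"]:
            issues.append("no MFA")
        # "eligible" means the role is activated on demand through PIM;
        # anything else is treated as always-on admin rights.
        if a["assignment"] != "eligible":
            issues.append("standing admin rights (not activated through PIM)")
        idle = (today - date.fromisoformat(a["last_sign_in"])).days
        if idle > STALE_AFTER_DAYS:
            issues.append(f"stale: no sign-in for {idle} days")
        if issues:
            findings[a["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in review_admins(ASSIGNMENTS, date(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```
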
Shadow IT and Unsanctioned Cloud Services
Shadow IT is when employees use cloud services not approved by IT. Common examples:
- Storing work files in a personal Dropbox or Google Drive
- Using personal email to send/receive work documents
- Uploading customer data to a free online converter tool
⚠ Warning
When data leaves your organisation’s approved cloud environment, it loses all the security controls your IT team has put in place — access controls, DLP policies, audit logging, and backup. Always use organisation-approved storage and collaboration tools.
Key Cloud Security Settings to Know
| Setting | Why It Matters |
|---|---|
| MFA on all accounts | Credential theft is the #1 cloud attack vector |
| External sharing restrictions | Prevent accidental public exposure of files |
| Conditional Access policies | Block logins from risky locations/devices |
| Audit logging enabled | Required for incident investigation |
| Data Loss Prevention (DLP) rules | Detect and block sensitive data leaving the org |
| Regular access reviews | Remove stale accounts and over-permissioned users |
