How To Guide
How to Secure Cloud-Based Business Apps
Most cloud breaches are misconfiguration, not hacking.
Overview
Default settings are rarely secure enough for business.
Step 1: Authentication
Lock down sign-in.
1. MFA
- Require MFA for all users, with no exceptions for admins or executives
- Prefer authenticator apps to SMS codes
- Block legacy authentication protocols (IMAP, POP3, SMTP AUTH), which cannot enforce MFA
2. Conditional Access
- Require MFA for sign-ins from outside the office network
- Block sign-ins from countries where the business does not operate
- Require compliant (managed) devices
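The two Step 1 sections describe a fixed evaluation order: block rules first (legacy protocol, foreign country, non-compliant device), then the MFA requirement for off-network sign-ins. The following is an added example, not code from the original guide; it evaluates constructed sign-in events against that order. The event fields, the UK-only allowed-country set and the legacy protocol list are assumptions, and real products (Entra ID Conditional Access, Google Context-Aware Access) express the same rules in their own policy language.

```python
"""Evaluate sign-in events against the Step 1 policies.

Added example, not from the original guide. Policy order and event fields are
assumptions chosen to mirror the guide's bullets.
"""
from __future__ import annotations
from dataclasses import dataclass

# Assumption: the business operates in the UK only.
ALLOWED_COUNTRIES = {"GB"}
# Legacy protocols cannot complete MFA, so a "require MFA" policy never fires
# for them; the only safe decision is to block them outright.
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp-auth", "activesync-basic"}


@dataclass
class SignIn:
    user: str
    protocol: str           # "modern" or one of LEGACY_PROTOCOLS
    country: str            # ISO 3166 code resolved from the source IP
    office_network: bool    # True when the source IP is an office egress address
    device_compliant: bool  # reported by the device-management agent
    mfa_completed: bool


def evaluate(s: SignIn) -> tuple[str, str]:
    """Return (decision, reason). Block rules are evaluated before grant rules."""
    if s.protocol in LEGACY_PROTOCOLS:
        return "block", "legacy authentication"
    if s.country not in ALLOWED_COUNTRIES:
        return "block", f"sign-in from {s.country}"
    if not s.device_compliant:
        return "block", "device not compliant"
    if not s.office_network and not s.mfa_completed:
        return "require_mfa", "outside office network without MFA"
    return "allow", "all policies satisfied"


def evaluate_all(events: list[SignIn]) -> dict[str, tuple[str, str]]:
    """Map each user in the sample to the decision for their sign-in."""
    return {e.user: evaluate(e) for e in events}


# Constructed sample events (not real data); one sign-in per user.
SAMPLE = [
    SignIn("alice", "modern", "GB", True, True, False),   # in office, no MFA yet
    SignIn("bob", "modern", "GB", False, True, False),    # remote, no MFA
    SignIn("carol", "modern", "GB", False, True, True),   # remote, MFA done
    SignIn("dave", "imap", "GB", True, True, False),      # legacy protocol
    SignIn("erin", "modern", "RU", False, True, True),    # foreign country
    SignIn("frank", "modern", "GB", True, False, True),   # unmanaged device
]

if __name__ == "__main__":
    for user, (decision, reason) in evaluate_all(SAMPLE).items():
        print(f"{user:6} {decision:12} {reason}")
```

Keeping the block rules ahead of the MFA rule matters: a legacy-protocol sign-in that reached the MFA rule would simply fail to authenticate rather than be blocked and logged as a policy violation.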
Step 2: Data Protection
Prevent leakage.
1. DLP
- Detect sensitive data in files and messages
- Block sharing with external recipients
- Monitor and alert on bulk downloads
2
- Enable anti-phishing policies
- Publish DMARC, DKIM and SPF records for every sending domain
- Block automatic forwarding of mail to external addresses
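Publishing DMARC, DKIM and SPF records is only half the job; weak values (an SPF softfail, a DMARC policy of none, a DKIM record with an empty key) give little protection. The following is an added example, not code from the original guide; it checks constructed TXT records for those weak settings. The domain, the DKIM selector name `selector1` and the record values are constructed for the example; in practice you would fetch the TXT records with a DNS resolver instead of reading them from a dict.

```python
"""Check SPF, DKIM and DMARC TXT records for weak settings (Step 2).

Added example, not from the original guide. RECORDS is a constructed stand-in
for DNS lookups; real records come from a resolver such as dnspython.
"""
from __future__ import annotations
import re

# Constructed sample records keyed by DNS name. "selector1" is an assumed selector.
RECORDS = {
    "example.com": "v=spf1 include:spf.protection.outlook.com ~all",
    "_dmarc.example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "selector1._domainkey.example.com": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
}

# SPF mechanisms/modifiers that cost a DNS lookup (RFC 7208 caps these at 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def _needs_lookup(term: str) -> bool:
    name = re.split(r"[:/=]", term.lstrip("+-~?"), maxsplit=1)[0]
    return name in LOOKUP_TERMS


def check_spf(txt: str) -> list[str]:
    """Findings for an SPF record; an empty list means no weaknesses found."""
    if not txt.startswith("v=spf1"):
        return ["SPF record missing or malformed"]
    terms = txt.split()
    last = terms[-1]
    findings = []
    if last in ("+all", "all", "?all"):
        findings.append("SPF ends in +all/?all: any sender passes")
    elif last == "~all":
        findings.append("SPF uses softfail (~all); prefer -all once senders are verified")
    if sum(_needs_lookup(t) for t in terms[1:]) > 10:
        findings.append("SPF exceeds the 10 DNS lookup limit (permerror)")
    return findings


def parse_tags(txt: str) -> dict[str, str]:
    """Parse the 'k=v; k=v' tag list format shared by DKIM and DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def check_dmarc(txt: str | None) -> list[str]:
    if not txt:
        return ["no DMARC record: spoofed mail is not rejected"]
    tags = parse_tags(txt)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("DMARC record malformed")
    policy = tags.get("p")
    if policy == "none":
        findings.append("DMARC p=none only monitors; move to quarantine or reject")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy unrecognised: {policy!r}")
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports are not collected")
    return findings


def check_dkim(txt: str | None) -> list[str]:
    if not txt:
        return ["no DKIM record at the expected selector"]
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1":   # the v tag is optional in DKIM
        return ["DKIM record malformed"]
    if not tags.get("p"):
        return ["DKIM public key is empty (key revoked)"]
    return []


def audit_domain(domain: str, records: dict[str, str], selector: str = "selector1") -> dict[str, list[str]]:
    return {
        "spf": check_spf(records.get(domain, "")),
        "dkim": check_dkim(records.get(f"{selector}._domainkey.{domain}")),
        "dmarc": check_dmarc(records.get(f"_dmarc.{domain}")),
    }


if __name__ == "__main__":
    for name, findings in audit_domain("example.com", RECORDS).items():
        print(name, findings or ["ok"])
```

Start at p=none while collecting aggregate reports, then move to quarantine and finally reject once every legitimate sender is covered by SPF or DKIM; the checker flags p=none so that the migration is not forgotten.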
Step 3: Monitoring
Detect events.
1. Security
- Review the security dashboard weekly
- Alert on anomalous activity
- Review third-party app permissions
4. Third-Party App Management
- Audit all third-party apps connected via OAuth to your cloud environment
- Remove apps no longer used or from untrusted publishers
- Require admin approval for new third-party app integrations
- Review permissions: Does a note-taking app need access to all email?
- Block high-risk OAuth grants: Full mailbox access, directory read/write
- Monitor for new OAuth grants and alert on suspicious applications
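The six bullets above amount to two routines: a periodic audit of every grant (high-risk scopes, unverified publishers, grants that bypassed admin approval, unused apps) and a comparison of today's grant list against the last snapshot to catch new ones. The following is an added example, not code from the original guide, that implements both over constructed grants. The scope strings are real Microsoft Graph and Google API scope names, but which ones count as high-risk, the 90-day staleness threshold and the sample apps and IDs are assumptions; the sample mixes Graph and Google scopes only to exercise both scope families.

```python
"""Audit OAuth application grants (Step 3, item 4).

Added example, not from the original guide. Grants, app IDs and the
high-risk scope set are constructed or assumed.
"""
from __future__ import annotations
from dataclasses import dataclass

# Assumed high-risk set: full mailbox access and directory write.
HIGH_RISK_SCOPES = {
    "Mail.ReadWrite", "Mail.ReadWrite.All", "Mail.Read.All",          # Microsoft Graph
    "Directory.ReadWrite.All", "RoleManagement.ReadWrite.Directory",
    "https://mail.google.com/",                                        # Google: full Gmail
    "https://www.googleapis.com/auth/admin.directory.user",
}
STALE_DAYS = 90   # assumption: unused for a quarter means remove


@dataclass
class Grant:
    app_id: str
    app_name: str
    publisher_verified: bool
    scopes: set[str]
    days_since_last_use: int
    admin_consented: bool   # False when an end user consented without admin approval


def assess(g: Grant) -> list[tuple[str, str]]:
    """Return (severity, finding) pairs for one grant, highest severity first."""
    out = []
    risky = sorted(g.scopes & HIGH_RISK_SCOPES)
    if risky:
        out.append(("high", f"high-risk scopes {risky}: block or justify"))
    if not g.publisher_verified:
        # An unverified publisher holding a high-risk scope is the worst combination.
        out.append(("high" if risky else "medium", "publisher not verified"))
    if not g.admin_consented:
        out.append(("medium", "user-consented grant bypassed admin approval"))
    if g.days_since_last_use > STALE_DAYS:
        out.append(("low", f"unused for {g.days_since_last_use} days: remove"))
    return out


def audit(grants: list[Grant]) -> dict[str, list[tuple[str, str]]]:
    """Periodic review: only grants with at least one finding are reported."""
    return {g.app_id: findings for g in grants if (findings := assess(g))}


def new_grants(previous: list[Grant], current: list[Grant]) -> list[Grant]:
    """Monitoring: grants present now that were absent from the last snapshot."""
    seen = {g.app_id for g in previous}
    return [g for g in current if g.app_id not in seen]


# Constructed grants (not real apps or IDs).
YESTERDAY = [
    Grant("app-001", "Notes Helper", True, {"User.Read", "Mail.ReadWrite"}, 3, False),
    Grant("app-002", "Calendar Sync", True, {"Calendars.Read"}, 200, True),
]
TODAY = YESTERDAY + [
    Grant("app-003", "Mail Backup Pro", False, {"https://mail.google.com/"}, 0, False),
]

if __name__ == "__main__":
    for app_id, findings in audit(TODAY).items():
        for severity, text in findings:
            print(f"{app_id} [{severity}] {text}")
    for g in new_grants(YESTERDAY, TODAY):
        print(f"ALERT new grant: {g.app_id} {g.app_name} scopes={sorted(g.scopes)}")
```

The "Notes Helper" entry is the guide's own question in code form: a note-taking app holding `Mail.ReadWrite` is flagged high even though its publisher is verified, because the scope, not the vendor, is what an attacker would abuse if the app were compromised.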
5. Security Posture Management
- Use Microsoft Secure Score or Google Security Centre to track posture
- Address highest-impact recommendations first
- Schedule monthly reviews of security score and progress
- Compare your score against industry benchmarks
- Document why any recommendations are not implemented
- Set a target score and timeline for achieving it
Need Professional Help?
Our engineers provide expert assistance with setup, troubleshooting, and ongoing support for businesses and individuals across Cornwall.