Only the last two points are debatable; everything else must be implemented unconditionally in any self-respecting company. Information security courses and audits are more typical of large companies.
The second part is what is usually called compliance, which is more or less the responsibility of the information security department in any company.
- Certification of the company's processes for compliance
- Analysis and monitoring of threats and response to them (in all intents)
- Tracking updates to the software and its use by company employees
- Training and examination of employees
These lists, of course, are far from complete, because there is no limit to perfection and there are no limits in data security.
Well, in the end, I would like to say a few words about certifications and audits.
Modern cloud technologies are “covered” by a large number of requirements that they must meet. Examples are the well-known ISO 27001 and GDPR.
And every single vendor strives to be certified against a multitude of global and regional standards. Microsoft Azure is no exception and has over 100 compliance certifications. If you do not believe it, you can count them yourself at this link:
https://learn.microsoft.com/en-us/azure/compliance/

In conclusion, I would like to say that the safety and reliability of processes come at a huge cost, but there is no way without them. After all, all these standards are aimed at only one thing: ensuring the security and privacy of user data. And we already found out that