The National Cyber Security Centre (NCSC) has published guidance on assessing and managing the risks raised by using software that interacts with cloud-based services.
Organisations are increasingly deploying software to both servers and end user devices that make use of cloud services. The NCSC Guidance is intended to help organisations understand how their products interact with cloud services, understand the security implications of interacting with the cloud and decide on approaches to help manage the risks (e.g. by using in-built controls, network-level controls, network monitoring and contractual terms with cloud service providers). The NCSC Guidance also includes a worked example for antivirus software to illustrate the advice by discussing the measures that could be taken to mitigate the risks created by the use of an antivirus software package.
A copy of the NCSC Guidance can be found here: Read more