NSA Publishes Cloud Security Risk Mitigation Guide
Maybe this is the NEW AND IMPROVED NSA.
From the NSA document:
This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. Cloud customers have a critical role in mitigating misconfiguration and poor access control, but can also take actions to protect cloud resources from the exploitation of shared tenancy and supply chain vulnerabilities. Descriptions of each vulnerability class along with the most effective mitigations are provided to help organizations lock down their cloud resources. By taking a risk-based approach to cloud adoption, organizations can securely benefit from the cloud’s extensive capabilities
The document goes on to talk about the components of cloud computing and the basic tenants of cloud security such as:
- Cloud encryption
- Key management
- Shared security responsibilities
- Who the threat actors are
- Vulnerabilities and mitigations
- and a dozen reference documents
The vulnerabilities and mitigations section is especially good.
Even though it is a bit techie and managers may not understand every detail, I recommend this for managers too. It helps them understand what their team is up against.
Read the NSA manifesto here
by 