It’s easy to get overwhelmed with the number of cloud security resources available. How do you know which sources to trust? Which ones should inform your security strategies? Which reports will actually improve your cloud security posture?
Let’s first look at six cloud security guides that you should be using. These resources provide action items that you can take back to your team and use immediately. Each of these guides is from trusted industry experts and covers the most important elements of cloud security, like IAM, hardening, encryption, physical security, the shared responsibility model and much more!
Industry-Accepted Cloud Security Guides
- CIS Benchmarks
The Center for Internet Security is the best starting point for building, implementing and maintaining a cloud security strategy. They’ve published benchmarks for AWS, GCP, Azure and more! Download your choice of benchmarks now. To dive deeper, check out the CIS Controls Cloud Companion Guide.
- CSA Cloud Controls Matrix
The Cloud Security Alliance recently released v4 of its Cloud Controls Matrix, which outlines about 200 controls organized into 17 domains. This cybersecurity framework aims to simplify cloud security controls and make compliance more attainable. Download the latest version now.
- NIST SP 800-144, Guidelines on Security and Privacy in Public Cloud Computing
NIST has numerous resources in the SP 800 series that apply to cloud security, ranging from access control guidance to VM configurations to storage infrastructure guidelines. NIST SP 800-144 will give you a good baseline of the NIST standards for cloud security. Download the publication now.
- SANS Practical Guide to Security in the AWS Cloud
SANS recently released this book in collaboration with AWS Marketplace. If you’re looking for a deep dive on AWS, this extensive guide is the resource for you. Download the guide now.
- Google Cloud Security Foundations Blueprint Guide
Build a secure foundation in GCP so that cloud security is top-of-mind throughout your cloud journey. Download the guide now.
- Security Best Practices for Azure Solutions
What are security best practices in Azure and why should you enable them? Find out in this comprehensive guide to developing and deploying an Azure environment. Download the guide now.
Industry-Accepted Cloud Security Training
In addition to the best practices and techniques set out in these guides, it’s crucial for your cloud team (including developers, office of the CISO, engineers, etc.) to be properly trained. Consider these industry-accepted certifications for your team members:
- (ISC)² – Certified Cloud Security Professional (CCSP)
- Cloud Security Alliance – Certificate of Cloud Security Knowledge (CCSK)
- AWS Certified Security – Specialty or AWS Certified Cloud Practitioner
- Microsoft Certified – Azure Fundamentals, Azure Developer Associate or Security Engineer Associate
- Google Cloud – Professional Cloud Developer or Professional Cloud Security Engineer
Two-thirds of organizations are not fully confident in their cloud security posture. Is your organization part of that group? Start strengthening your cloud security posture by implementing lessons from these guides, training your team on cloud security and engaging in formalized cloud security assessments.
About the Author: Joseph Kirkpatrick is the President of Kirkpatrick Price. Kirkpatrick Price is a licensed CPA firm, PCI QSA and HITRUST CSF Assessor, and it most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA and penetration testing.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.