1 Introduction / Executive Summary
The cloud has established itself as an important enabler of digital transformation. It has changed the way organizations do business and the events of ...
This report focusses on the steps an organization needs to take to manage common business risks when using an IaaS cloud.
These risks includ ...
3 Why you need to Secure your use of Cloud
The Coronavirus epidemic forced organizations to change the way that they do business. Retailers have had to move online, manufacturers have had to re ...
4 Securing your Cloud
Good governance, with a consistent approach to the security of IT services regardless of how they are delivered, is the best approach to the hybrid IT environment that most organizations now have. This sets measurable business-related objectives for IT services and then monitors that these objectives are met. This approach allows the organization using the IT services to focus on their business and the service providers to focus on delivering the required service.
A governance-based approach to the use of a cloud service means that the client must clearly set out their business, security, and compliance objectives for the service.
Figure 1 illustrates the responsibilities of an IaaS tenant (or cloud client) within the context of an overall security governance fabric. This fabric should cover all of the elements that need to be secured to ensure a consistent and cost-effective approach. It should provide a common set of services that use appropriate tools to achieve the business-defined security and compliance objectives.
There are several existing frameworks for the governance of and the best practices for IT security management. For example, the NIST Cybersecurity Framework (CSF) focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization's risk management processes. The ISO 27000 series of standards provides best practice recommendations for the management of information risks through security controls. There are also other industry-specific frameworks such as the PCI-DSS (Payment Card Industry Data Security Standard). Organizations should adopt the appropriate elements of these frameworks and apply them consistently across all of the IT services that they use. This report will revisit this topic later and includes examples of how AWS technology provides support for the areas shown in this illustration.
4.1 Understand your Responsibilities as a Cloud Client
Most of the reported cloud-related cyber incidents have been due to errors by the cloud client (in other words, the cloud tenant).
The CSP is responsi ...
For basic IaaS services, such as compute, network, and storage, the CSP is responsible for securing the infrastructure used to provide the service up ...
4.2 Identity and Access Governance
Your cloud administrative access rights are a prime target of cyber adversaries - make sure that you protect them.
The client is always responsible ...
4.3 Data Protection
Your business-critical data could be at risk from cyber-attacks, ransomware, and misuse as well as system failures. Make sure that you protect it.
T ...
4.4 Technical Vulnerability Management
Most cyber-attacks exploit well-known technical vulnerabilities - implement automated processes to identify and remove common vulnerabilities.
There ...
4.5 Network Security Management
The network provides a route for cyber adversaries to attack your systems - take a zero-trust approach to network security.
Internet access could pr ...
4.6 Service Management
Adapt your existing service and security management processes to include your use of cloud services.
Managing and administering the cloud service is ...
4.7 Compliance Management
Make sure that the cloud is independently verified and use the capabilities provided to ensure that you use the service in a way that complies with yo ...
4.8 AI Support
Look for AI-based support in the tools you use.
Machine Learning systems are ideally suited to the tasks of systems and security management where th ...
4.9 Security of the infrastructure
Trust but verify.
For IaaS, the CSP is responsible for the infrastructure and the managed services that their platform provides, and the client is r ...
Organizations need to take a business-led approach to the use of cloud services. Will the use of a cloud service provide a better business outcome tha ...
6 Evaluation of AWS Tenant Security Controls
This is an excerpt from the 2021 KuppingerCole Market Compass report on Global IaaS Providers Tenant Security Controls.
The 2021 KuppingerCole Mark ...
6.1 Outstanding for Range of Tenant Security Capabilities: AWS
AWS provides a comprehensive range of capabilities out of the box for the tenant to use their service in a secure and compliant manner. Many of these ...