NSA publishes cloud security mitigation top 10 list

On March 7, the National Security Agency (NSA) released “Top Ten Cloud Security Mitigation Strategies” to inform cloud customers about important security practices as they shift their data to cloud environments. The report is a compilation of ten Cybersecurity Information Sheets (CSIs), each on a different strategy. The Cybersecurity and Infrastructure Security Agency (CISA) joins NSA as a partner on six of the ten strategies.

The ten strategies are covered in the following reports:

Uphold the cloud shared responsibility model

Use secure cloud identity and access management practices (Joint with CISA)

Use secure cloud key management practices (Joint with CISA)

Implement network segmentation and encryption in cloud environments (Joint with CISA)

Secure data in the cloud (Joint with CISA)

Defending continuous integration/continuous delivery environments (Joint with CISA)

Enforce secure automated deployment practices through infrastructure as code

Account for complexities introduced by hybrid cloud and multi-cloud environments

Mitigate risks from managed service providers in cloud environments (Joint with CISA)

Manage cloud logs for effective threat hunting

“Using the cloud can make IT more efficient and more secure, but only if it is implemented right,” said Rob Joyce, NSA’s Director of Cybersecurity.  “Unfortunately, the aggregation of critical data makes cloud services an attractive target for adversaries.  This series provides foundational advice every cloud customer should follow to ensure they don’t become a victim.”

The CSI for each strategy includes an executive summary providing background information and details about threat models. Additionally, each CSI concludes with best practices and additional guidance.

Read the summary report here.

Source: NSA

IC News delivers the situational awareness you need to get ahead and stay ahead in the IC contracting space. Subscribe today for full access to 10,000+ articles, plus new articles each weekday.