Is Your Security Team Cloud Ready?
ISC2 Blog
If cloud workloads are not properly configured or protected, organizations face new risks. Configuring cloud instances often requires complex and specialized knowledge and training. An individual lacking foundational skills in cloud security can easily configure something incorrectly or have a false sense of security when weak security controls are implemented. These mistakes can leave cloud deployments vulnerable to data breaches, leading to regulatory penalties if customer data is left exposed.
The following is a non-exhaustive list of the tasks an effective security team must perform:

- Understand the business processes and objectives to become a trusted adviser for all security, risk, privacy, compliance, and data-integrity needs.
- Develop strategies to avoid risks against fraud, data loss, and threats.
- Implement information security policies and practices for employees, customers, partners, data, applications, and infrastructure.
- Develop detection, response, remediation, and notification programs for new and emerging threats.
- Ensure security teams understand and adhere to the Shared Responsibility Security Model for cloud services and service providers.
- Assist in assessing all third-party providers who might have access to corporate information, especially sensitive data.
- Work with regulatory and legal teams to define and implement processes and technology to help meet compliance requirements.
- Develop and enforce corporate security standards, policies, and technology stack.
- Define and manage vulnerability, configuration, and patching programs with IT and DevSecOps teams.
Link: https://www.isc2.org/Articles/Is-Your-Security-Team-Cloud-Ready