Page 82 - Cyber Defense eMagazine August 2023
P. 82

1.  Review Shared Responsibility  Matrix in the Public Cloud

            It  is  important  to  clearly  understand  the  shared  responsibility  model  when  you  think  about  securing
            workloads in the cloud. The shared responsibility matrix is a consolidated framework that categorizes the
            security and compliance  responsibilities  of public cloud providers and customers of the cloud provider.
            At a high-level, the cloud provider is responsible for the physical security of the core cloud infrastructure,
            including  the data centers,  networks,  and hardware  and the customer is responsible  for securing  their
            data and applications, including configuration of access control and data encryption.

            What is extremely critical to bear in mind is that nobody knows the security and compliance requirements
            for your business better than you, and so before you run your workloads in the cloud, you must identify
            the  security  guardrails  that  you  need  to  protect  your  proprietary  data  and  adhere  to  regulatory
            requirements deemed by the industry you operate in. The following diagram shows how responsibilities
            are shared between the cloud provider and customer.


























            Image Source:

            https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know




               2.  Identify Risks to Your Organization

            Risk assessment is a prudent ongoing process of methodically identifying, evaluating, and mitigating risks
            to  an organization's  assets.  It is  a process  that  should  be  repeated  and  conducted  regularly  as  your
            organization's  assets  and  risks  change.  Before  you  move  workloads  to  the  cloud,  it  is  imperative  to
            complete a risk assessment to determine what security features you need to meet your internal security
            requirements  and external regulatory requirements.  It is important to involve all stakeholders  in the risk
            assessment  process,  including  your  cybersecurity  teams,  IT,  and  business  users.  Various  risk
            assessment  frameworks such as the Cloud Security Alliance’s  Cloud Controls Matrix (CCM) are widely
            used across industries. After you have identified your risks using such frameworks, you need to determine
            how to address them. This may involve accepting, avoiding, transferring, or mitigating the risks. You can




            Cyber Defense eMagazine – August 2023 Edition                                                                                                                                                                                                               82
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   77   78   79   80   81   82   83   84   85   86   87