According
to the
Information Security Forum
(ISF), trusted resource for
executives and board members on cyber security and risk management, the growth
of cloud computing has become ever more apparent, as organizations are drawn to
the elasticity and scalability offered by cloud services. With an expanding
number of cloud services underpinning business operations, the risks incurred
through cloud usage are key concerns for business leaders. For an organization
to have confidence that it can move to the cloud while ensuring that vital
technological infrastructure is secure, a robust strategy is required.
In an effort to support global organizations, the ISF is releasing Using Cloud
Services Securely: Harnessing Core Controls, the organizations latest
digest which provides a
comprehensive approach to securing cloud services for organizations that are
considering using, or already actively use, one or multiple cloud
service providers (CSPs).
While CSPs provide a certain level of security for their cloud services,
organizations need to be aware of their security obligations and deploy the
necessary security controls. This requires organizations to understand and
address the many security challenges presented by the complex and heterogeneous
aspects of the cloud environment.
"Cloud
computing has evolved at an incredible speed and, in many organizations, is now
intertwined with the complex technological landscape that supports critical
daily operations. However, this ever-expanding cloud environment gives rise to
new types of risk," said Steve Durbin, Managing Director, ISF. "Our latest report empowers organizations
to deploy the right set of security controls and to focus their efforts on the
most valuable action that will reduce the likelihood and impact of
cloud-related threat events. Whether using one or multiple cloud services,
organizations will be well-positioned to make the most of the opportunities
offered by cloud computing."
The cloud
environment has become an attractive target for cyber attackers, highlighting
the pressing need for organizations to enhance their existing security
practices. However, consistently implementing the fundamentals of cloud
security can be a complicated task due to the diverse and expanding nature of
the cloud environment. Using Cloud Services Securely:
Harnessing Core Controls provides organizations with a compelling
approach to meeting security obligations in the cloud environment, providing
guidance on how to:
- Enforce some practical
and actionable principles of cloud security governance
- Deploy and maintain a
set of core cloud security controls, with reference to the specific
responsibilities of the organization as the cloud customer
- Select the right
combination of cloud security products and services to support the
implementation of the security controls.
"Business
and security leaders already face many challenges in protecting their existing
IT environment. They must now also find ways to securely use multiple cloud
services, supported applications and underlying technical infrastructure,"
continued Durbin. "Whether your organization is considering, or already
actively using one or multiple CSPs, taking proactive steps to implement the
security controls recommended in this report will instil confidence in business
leaders that they can use cloud services securely and maximize the potential
offered by the cloud environment."
Using Cloud Services Securely: Harnessing Core Controls
is primarily directed at
individuals who are responsible for securing cloud services in their
organization, such as cloud security architects, cloud development managers and
cloud engineers. The report will also be of interest to individuals in
executive management who have a governance and oversight role for cloud
security, including the Chief Information Security Officer (CISO), Chief
Information Officer (CIO), Chief Risk Officer (CRO) and Data Protection Officer
(DPO).
The report
is available now to ISF Member companies via the ISF website.