After 4 months of analysis and numerous client interviews, we’ve compiled a list of core security requirements for mid-sized organizations thinking about moving high-risk business processes to public cloud computing providers, such as Amazon Web Services. With recent technical advances, it is possible to maintain a strong technical security architecture within public clouds. However, the greatest danger organizations face is whether or not their existing operational processes and skill sets can adequately maintain their cloud security posture after they’ve gone live. Therefore, we recommend developing in-depth operational models and play books and then socializing these artifacts with your internal teams prior to moving to the cloud.
Examples of operational processes/services that are distinctly different within the cloud include areas such as: intrusion detection, security logging and analysis, forensics and vulnerability management. When reviewing the requirements provided within our complimentary research paper, we advise organizations to seriously weigh the operational impact of implementing these requirements before proceeding. As always, please reach out to us if you have any questions that you’d like to talk with us about.
Risk Insights Recommended Security Requirements for Public Cloud’s can be found here. Enjoy.