
O'Reilly's Automating Security in the Cloud

Issue link: https://resources.threatstack.com/i/872576


CHAPTER 4

Cloud Computing Foundational Security Leading Practices

The key to a secure cloud computing deployment is ensuring your deployment starts with a secure foundation. The foundational cloud security configuration and settings should be followed with any cloud computing deployment, whether regulated or not. An example of a secure foundation of security practices is the Amazon Web Services (AWS) CIS AWS Foundation benchmark, for which we partnered with the Center for Internet Security (CIS) to create a consensus-based leading practice of foundational, testable, and architecture-agnostic settings for anyone deploying services in the cloud. These benchmarks are a basic leading standard for securely configuring traditional IT components. The CIS Benchmarks cover AWS Identity and Access Management (IAM), AWS Config, AWS CloudTrail, AWS CloudWatch, AWS Simple Notification Service (SNS), AWS Simple Storage Service (S3), and AWS VPC (Default). Other cloud providers also provide some best practice documentation, such as Azure Network Security Best Practices, which suggests build-or-migrate approaches to a cloud provider.

The reason we like the CIS benchmarks is that they are consensus based, meaning several organizations, hands-on practitioners, and solutions providers helped create these leading practice guides in an effort to remove the guesswork for security professionals: You no longer have to guess what the best approach to foundational security measures within your cloud computing infrastructure should be. As referenced, AWS collaborated on the CIS AWS Foundation benchmark as a straightforward way to implement and constantly evaluate security. These leading practices reduce the complexity of managing risk through consistent implementation and the use of automation for securing foundational-level configurations, including critical, audited, and regulated workloads.
Additionally, the integration of these benchmarks as well as other security and audit benchmarks published by CIS are also interweaved
