The Cloud Security Alliance (CSA), an organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, released State of Cloud Security 2018, which lays out some of the latest cloud practices and technologies that the enterprise information security practitioner must be aware of as organizational data expands beyond the traditional perimeter.
The report, authored by the CSA Global Enterprise Advisory Board, examines such areas as the adoption of cloud and related technologies, what both enterprises and cloud providers are doing to ensure security requirements are met, how to best work with regulators, the evolving threat landscape, and goes on to touch upon the industry skills gap.
The Cloud Security Alliance Global Enterprise Advisory Board is a collection of leading experts from large multinational companies representing more than 10 unique industries. This board has been constituted to represent the point of view of large IT end users, and to articulate the perspective of the consumers of cloud computing related to the topic of information security.
“The state of cloud security is a work in progress with an ever-increasing variety of challenges and potential solutions. It is incumbent upon the cloud user community, therefore, to collaborate and speak with an amplified voice to ensure that their key security issues are heard and addressed,” said Vinay Patel, chair of the CSA Global Enterprise Advisory Board and managing director at Citigroup. “We hope this document will serve as a roadmap to developing best practices in the establishment of baseline security requirements needed to protect organizational data.”
Among the report’s key takeaways are:
- Exploration of case studies and potential use cases for blockchain, application containers, microservices and other technologies will be important to keep pace with market adoption and the creation of secure industry best practices.
- With the rapid introduction of new features, safe default configurations and ensuring the proper use of features by enterprises should be a goal for providers.
- As adversaries collaborate quickly, the information security community needs to respond to attacks swiftly with collaborative threat intelligence exchanges that include both providers and enterprise end users.
- A staged approach on migrating sensitive data and critical applications to the cloud is recommended.
- When meeting regulatory compliance, it is important for enterprises to practice strong security fundamentals to demonstrate compliance rather than use compliance to drive security requirements.
Established to support the Cloud Security Alliance in further anticipating emerging trends, the Global Enterprise Advisory Board serves to enhance the influence enterprises have over the future of the cloud industry’s ability to address dynamic and optimal cloud security requirements. Members represent some the world’s most recognized experts within information technology, information security, risk management and cloud computing industries.