The move to leveraging multiple public cloud providers introduces new challenges and opportunities for security and compliance professionals. As the service offering landscape is constantly evolving, it is far too easy to prescribe security solutions that are not accurate in all cases. This paper will examine five critical considerations for securely using the three biggest public cloud providers: Amazon Web Services, Microsoft Azure, and the Google Cloud Platform. While it is tempting to dismiss the multicloud movement or block it at the enterprise level, this will only make the problem harder to control. By embracing multicloud as inevitable and working to understand it, security and compliance professionals can help move the organization forward safely.
Topics covered include:
- IAM is Hard, and Everywhere
- Network Security is Still Important
- Encryption Inconsistencies can Lead to Compliance Headaches
- Multicloud can Help with Availability, but only Slightly
- Multicloud is Coming to Your Organization, Sooner or Later
Read the whole paper here:
About the Author: Brandon Evans is an Instructor for the SANS Institute. He teaches SEC540: Cloud Security and DevOps Automation and is the lead author of the upcoming course SEC510: Multicloud Security Assessment and Defense, which is launching Summer 2020. His full-time role is as a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. This includes performing secure code reviews, conducting penetration tests, developing secure coding patterns, and evangelizing the importance of creating secure products.