Two Days Left to Get an iPad Air with Smart Keyboard, or Surface Go, or $300 Off with OnDemand or vLive Training ends tomorrow!

SANS Security Insights

The Shifting World of Cloud Security

Why is cloud security so challenging?A new SANS paper and videos by cloud security expert and SANS instructor Dave Shackleford, with Tenable cloud security expert Greg Mayfield looks at this topic — and what security practitioners can do to improve security in on-premise, off-premise and hybrid environments.

With more than 40 percent of those surveyed in 2017 (SANS cloud security survey 2017) now storing personally identifiable info in the cloud, clearly we need to figure out how to manage threats and vulnerabilities. Shackleford advises that security practitioners evaluate their potential vulnerabilities and threats in hybrid or off-premise models; understand the issue of "infrastructure as code" in DevOps; and protecting data and assets in a dynamic cloud infrastructure.

The paper also notes that lack of visibility — i.e. not knowing who and what is on the network — is critical to establishing effective security no matter the cloud model. Recommendations include tracking IP addresses/subnets; system DNS names; the operating systems in use; and application headers and services.

SANS also suggests adapting vulnerability management to cloud environments and that security practitioners consider automating DevOps.

For more information, including more recommendations in depth, check out the associated webcast here as well as a series of videos where SANS Senior Instructor Dave Shackleford and Tenable's Director of Product Marketing, Greg Mayfield discuss a number of different areas that challenge security professional today in the world of cloud computing , Webcast Link.

A special thanks to our sponsor:


Post a Comment


* Indicates a required field.