Chat with us, powered by LiveChat NSA Shares Guide for Mitigating Cloud Vulnerabilit - Writemia

NSA Shares Guide for Mitigating Cloud Vulnerabilit

NSA Shares Guide for Mitigating Cloud Vulnerabilities, ThreatsJanuary 27, 2020 – The National Security Agency released new guidance designed to help organizations across all sectors mitigate cloud vulnerabilities, including identifying cloud security components, threat actors, and potential mitigation techniques.According to the guide, cloud vulnerabilities can be broken down into four key categories: misconfiguration, poor access control, shared tenancy flaws, and supply chain vulnerabilities.The guide is designed both for the organizational leadership team and technical staff and is broken down into three sections: cloud components, cloud threat actors, and cloud vulnerabilities and mitigations. The hope is that leadership can gain perspective on cloud security principles, while addressing cloud security considerations to assist with cloud service procurement.Dig DeeperMulti Cloud Approach More Prone to Data Breaches Than Hybrid Use32% Providers Store Data in Cloud, Despite Lack of Security ResourcesDHS Addresses Security Concerns with Microsoft Office 365, Cloud MigrationTo the NSA, organizations should take a risk-based approach to cloud-adoption to ensure the enterprise can “securely benefit from the cloud’s extensive capabilities.”“While careful cloud adoption can enhance an organization’s security posture, cloud services can introduce risks that organizations should understand and address both during the procurement process and while operating in the cloud,” NSA officials wrote.“Fully evaluating security implications when shifting resources to the cloud will help ensure continued resource availability and reduce risk of sensitive information exposures,” they added. “To implement effective mitigations, organizations should consider cyber risks to cloud resources, just as they would in an on-premises environment.”The guide breaks down the different cloud architecture types, which vary by vendor and include identity and access management, virtualization and containerization computation, networking, and storage. NSA officials recommended that organizations first understand the different cloud implementation methods as part of its risk decision.Organizations can also find insights into cloud encryption and key management, which the NSA explained for critical aspects of protecting information in the cloud.“While the cloud service provider uses encryption (among other controls) to protect some aspects of customer data from other customers and CSP employees, cloud customers should understand the options that they have for further protecting their data,” NSA officials wrote.“Understanding data sensitivity requirements is crucial for building a cloud encryption and key management strategy,” they added. “Cloud-based KM services are designed to integrate with other cloud services, reducing the amount of customer development needed to protect and process data in the cloud.”The guide also sheds light on ways cloud vendors and its customers are meant to share cloud security responsibilities to bolster protection of data stored in the cloud, such as incident response and patching and updating.The NSA also provided a deep dive into misconfiguration. The widespread vulnerability is widespread and has impacted a trove of sensitive data, including within the healthcare sector. IntSights researchers have found one-third of healthcare organizations are leaving online databases exposed or misconfigured.“Misconfiguration of cloud resources remains the most prevalent cloud vulnerability and can be exploited to access cloud data and services,” NSA officials wrote. “Often arising from cloud service policy mistakes or misunderstanding shared responsibility, misconfiguration has an impact that varies from denial of service susceptibility to account compromise.”

Do you need an answer to this or any other questions?

About Writemia

We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.

How It Works

To make an Order you only need to click on “Place Order” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.

Are there Discounts?

All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.

Hire a tutor today CLICK HERE to make your first order