I am doing an industry analysis on Public Cloud Risk Management and am looking for related information. For example, what are the key unique risks related to public cloud computing, and how do public cloud risks fit into an overall enterprise risk management framework (e.g., risk categories or subcategories to be used for managing public cloud risks)?
Director of Information Security in Banking 2 months ago
Thanks
VP of IT 2 months ago
1. There is no ownership of the environment.
2. There is no physical separation of the hardware.
3. Physical security control is not visible.
4. Insider threats.
5. Data privacy and compliance.
6. Data loss and recovery (we faced this in our previous experience).
Director of Information Security in Banking 2 months ago
Thank you, @, for your insight. We did include the above in our consideration, and now we are thinking of mapping the above to a risk taxonomy, for example, isolation failure for #2 and insider risk for #3, etc. Eventually we would also like to map all the cloud risk taxonomies to some enterprise risk categories, for example, technology risk, operational risk, data risk, or cyber security risk. Any insight from this perspective?
CISO in Manufacturing 2 months ago
You can also have a look at OWASP Cloud Architecture Security Cheat Sheet (https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.html#cloud-architecture-security-cheat-sheet) or CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices (https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-and-nsa-release-cybersecurity-information-sheets-cloud-security-best-practices).
Director of Information Security in Banking 2 months ago
Thank you, Alexander
Head of Information/Cyber Security 2 months ago
I would like to recommend leveraging the guidelines outlined in the NIST Special Publication 800-144. NIST SP 800-144 provides comprehensive recommendations and best practices tailored for securing data and systems in public cloud environments. It covers essential topics such as risk management frameworks, security controls, data protection strategies, and compliance considerations specific to cloud computing.
You can access the full document directly via this link:
https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-144.pdf
Implementing these guidelines will help us align our cloud security strategy with industry standards and regulatory requirements, ensuring robust protection of our data assets while maximizing the benefits of cloud adoption.
Director of Information Security in Banking 2 months ago
Thanks, Viral
https://nca.gov.sa/ar/regulatory-documents/controls-list/179/