The National Security Agency, in partnership with the Cybersecurity and Infrastructure Security Agency, has released a list of its top 10 mitigation strategies that organizations should take to enhance the security of their cloud environments.
Each strategy is accompanied by an associated Cybersecurity Information Sheet that describes in detail how organizations can improve their security practices as they transition their data to the cloud, NSA said Thursday.
“Using the cloud can make IT more efficient and more secure, but only if it is implemented right,” said Rob Joyce, director of cybersecurity at NSA and a two-time Wash100 awardee.
NSA recommends that cloud users maintain the cloud shared responsibility model, use secure cloud identity and access management practices and utilize secure cloud key management practices. Other suggested strategies include implementing network segmentation and encryption in cloud environments and safeguarding data stored in the cloud.
Organizations are also encouraged to protect continuous integration/continuous delivery environments, enforce secure automated deployment practices through infrastructure as code, address complications that may arise when implementing hybrid and multi-cloud environments, mitigate risks from managed service providers in cloud environments and manage cloud logs for effective threat hunting.
Check out the Potomac Officers Club’s 2024 Cyber Summit on June 6 to learn more about federal cybersecurity initiatives. Top cyber leaders from the public and private sectors, including opening keynote speaker David McKeown, deputy chief information officer for cybersecurity and senior information security officer for the Department of Defense and a previous Wash100 winner, will convene at the event. To learn more and register to attend the summit, click here.
