From tripwire.com
As businesses transition to hybrid and multi-cloud setups, vulnerabilities arising from misconfigurations and security gaps are escalating, attracting attention from bad actors.
In response, the US National Security Agency (NSA) issued a set of ten recommended mitigation strategies, published earlier this year (with support from the US Cybersecurity and Infrastructure Security Agency on six of the strategies).
The recommendations cover cloud security, identity management, data protection, and network segmentation. Let’s take a closer look:
1. Uphold the Cloud Shared Responsibility Model
First on the NSA’s list is upholding the Cloud Shared Responsibility Model. This defines the responsibilities between cloud service providers and their customers, detailing who is accountable for which aspects of data protection, infrastructure management, and security.
By following this model, companies can drive transparency, clarify roles, and facilitate collaboration between providers and users.
Having a clear understanding of their responsibilities helps customers implement the security measures and controls they need to protect their data and applications. For providers, it highlights the importance of maintaining robust infrastructure and stringent security protocols.