Strengthen Your Cloud Governance and Compliance Framework
CISOs and CIOs Need to Make Cloud Security Decisions Based on Data and Evidence

Cloud Security Alliance (CSA) is in the process of updating its guidelines from v4.0 to 5.0. The revised guidelines, to be released around Q3 2023, are a collection of recommendations and best practices for cloud infrastructure security.
"CIOs and CISOs should start pushing security controls into the DevOps function," says Daniele Catteddu, CTO at CSA. "The typical developer environments focus on delivering codes faster and not so much on delivering codes securely. This mindset has to change."
CSA has also unveiled the Cloud Controls Matrix (CCM), a set of 197 controls structured in 17 domains. As part of CCM, both enterprises and cloud service providers fill out a detailed questionnaire to check whether those controls are in place. It also contains implementation and audit guidelines.
In Part 1 of this interview with Information Security Media Group, Catteddu explored how organizations should keep a close watch on common pitfalls like over-provisioning, cloud misconfigurations, privileged user access, IAM and API security. In Part 2, he discusses:
- How to address low-hanging fruit to secure the cloud;
- The need to embed security in DevOps;
- Adherence to security controls to ensure cloud governance, compliance and risk management.
Catteddu identifies technology trends, global policies and their impact on information security and CSA's activities. In his career spanning more than two decades, he worked at CSA as managing director for the EMEA region and at the European Network and Information Security Agency as an expert in areas of critical information infrastructure protection.