The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.
This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here’s our overview of the new CSI sheets, what they address and the key takeaways from each.
Implementing cloud identity and access management
The “Use Secure Cloud Identity and Access Management Practices” CSI sheet was created to help identify and address the unique security challenges presented in cloud environments. With most modern businesses quickly adopting more cloud-based solutions to help them scale, the virtual attack surface they create needs adequate protection.
The document goes on to explain that one of the major risks associated with expanding into the cloud comes from malicious cyber actors who actively exploit undiscovered vulnerabilities in third-party platform access protocols. This is primarily due to misconfigurations in user access restrictions or role definitions, as well as the strategic execution of social engineering campaigns.
Many of the risks identified can be successfully mitigated through the use of Identity and Access Management (IAM) solutions designed to monitor and control cloud access more strictly. In addition, the CISA and NSA recommend proper implementation of multifactor authentication protocols, which are particularly effective when improving phishing resistance, as well a ..
Support the originator by clicking the read the rest link below.
