As businesses migrate their services to hybrid and multi-cloud environments, cloud misconfigurations and security flaws are becoming critical points of failure.
Cyber threat actors are aware of this and increasingly target misconfigured, unsecured, or unmonitored cloud systems.
The US National Security Agency (NSA) released a list of the top ten recommended mitigation strategies cloud customers should use to improve their security posture.
The advisory, published on March 7, 2024, is a compilation of ten strategies from cloud security measures to identity and access management, data security practices and network segmentation.
The US Cybersecurity and Infrastructure Security Agency (CISA) provided support to the NSA on six of the ten strategies.
The top 10 cloud security mitigation strategies are:
- Uphold the Cloud Shared Responsibility Model
- Use Secure Cloud Identity and Access Management Practices
- Use Secure Cloud Key Management Practices
- Implement Network Segmentation and Encryption in Cloud Environments
- Secure Data in the Cloud
- Defending Continuous Integration/Continuous Delivery (CI/CD) Environments
- Enforce Secure Automated Deployment Practices through Infrastructure as Code
- Account for Complexities Introduced by Hybrid Cloud and Multi-Cloud Environments
- Mitigate Risks from Managed Service Providers in Cloud Environments
- Manage Cloud Logs for Effective Threat Hunting
Each strategy comes with an additional cybersecurity information sheet detailing how to implement it.
Each sheet provides recommended steps to take, best practices as advised by the NSA and CISA and a list of links in case the cloud customer wants to explore the security strategy in more detail and read additional resources on it.