CCSK

  • 1.  Challenges of Rapid Growth of Cloud Computing

    Posted May 13, 2021 02:10:00 PM
    Hello all!

    Cloud computing is growing rapidly. What do you think are the major challenges of cloud computing growing at such a rapid pace?

    I'd love to know what everyone's thoughts are on this subject.

    Thanks :)

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------


  • 2.  RE: Challenges of Rapid Growth of Cloud Computing

    Posted May 15, 2021 08:37:00 AM
    Hi,

    For me it is the overall lack of governance, compliance and transparency around risk in the cloud.

    Best regards,

    Geoffrey




  • 3.  RE: Challenges of Rapid Growth of Cloud Computing

    Posted May 17, 2021 07:28:00 AM
    Lack of time to develop sound supporting processes around cloud adoption.
    Off the top of my head these areas need to be addressed:
    Information protection - evaluating the information to be stored, to include ownership, consequence of loss, classification - all drive the security requirements.  Don't forget about export control, not just location of data but who can access it. Particularly if the CSP has foreign nationals working for them.
    Security review - how are you going to assess the cloud provider against those security requirements? E.g., SOC II report, FedRAMP, questionnaire.
    Business Continuity and resumption - what are your recovery point and time objectives, can you still meet them and what interdependencies are now introduced?
    Access/Authentication/Authorization/Auditing  - all need to be addressed/reviewed
    Logging - are the logs available to your SIEM? (And are alerts configured?)
    Access Path - VPN/Direct/Proxy/Zero-Trust?   Any device or corporate devices?
    Authentication - how are accounts managed? Do you already have an IDP? Do you have 2FA configured? Is it integrated with your IDM system?
    Authorization - who assigns rights in the service? When are they reviewed and changed?
    Cloud Service Approval process - who can accept the risk of the process and how does the above need to be documented to support that acceptance of risk.
    Continuous Monitoring/Assessment - how are you making sure the security is as intended and continues to be?
    Contract language - do you have standard terms and conditions in your contract to address information protection, security requirement flow down, incident response, indemnification, third-party liability, contract disposal, information disposition, etc.? Have these been reviewed by all the affected parties - particularly your supply chain, cyber and legal teams? Make sure legal gets involved if the CSP wants to change these terms.

    ------------------------------
    Lee Neely CISSP, CISA, CRISC, CISM, GMOB, GPEN, GPYC, GAWN, GEVA
    CSA BOI
    Boise ID
    ------------------------------



  • 4.  RE: Challenges of Rapid Growth of Cloud Computing

    Posted May 18, 2021 10:29:00 AM
    Thank you for your reply! Yes, this makes sense and ties in nicely with what the CCSK training talks about throughout its modules on moving to the cloud in a secure manner.

    ------------------------------
    Jenna Morrison
    Training Department Intern
    Cloud Security Alliance
    ------------------------------