The Inner Circle


Latest Discussion Posts

  • I agree. The question is what data is being transferred and also where K8S/pods are being run - i.e., do you trust the environment, is it your own DC or public cloud. I err on the side of caution and thus better to have encryption (and more) though it ...

    2 people like this.
  • Hi Eleftherios. Thank you for replying. Your comments have made me understand CAIQ more clearly. If I have more questions, I will ask the chapter in Japan. Best regards, ------------------------------ Masahiro Haneda CCSK, CCSP and CISSP Security ...

    1 person likes this.
  • I just perused today a white paper written by Jessica Newman, from UC Berkeley's Center for Long-Term Cybersecurity (CLTC), which adds an extra dimension to the NIST AI Risk Management Framework. The report is entitled "A Taxonomy of Trustworthiness ...

    2 people like this.
  • It really depends on the situation, for example, what data is being transferred. Without the details, it could be a no, it's not best practice. It's probably better to figure out how K8s is configured because if there are huge holes there, encryption ...

    1 person likes this.
  • Interesting question because I've had a similar one. But a couple of things that I've encountered in my journey are: 1) certificates used to enable the traffic need to be updated and renewed, how do you automate this process 2) side car injection of ...

    3 people like this.

Announcements

  • Open Peer Reviews

    Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
    Open Until: 3/31/2023
    Learn More → https://csaurl.org/2wstxx

  • Upcoming Cloudbyte Webinars

    How to Automate Security, Governance & Privacy for Cloud Data Innovation
    Date: 1/31/23
    Time: 10:00 AM CST
    Register Here → https://csaurl.org/fdvob2

  • January Research Releases

    ACSP Training Course Outline | CSA
    Release Date: 1/17/23
    Summary: An outline of the topics covered and what you'll be building in the labs each day of the Advanced Cloud Security Practitioner (ACSP) Training. 
    Download this Resource → https://csaurl.org/u4djra

    CSA Data Lake Threat Modeling
    Release Date: 1/26/23
    Summary: As cloud platforms expand further and further into business uses, the need to understand the attack surface to your data becomes much more apparent. With help from NTT Data and Marymount University, CSA has released for peer review our Data Lake threat modeling exercise spreadsheet. In this document, numerous elements of data lakes have been taken into consideration, and a specific threat scenario has been applied to each. Each of these scenarios has been applied to the STRIDE framework and provided with countermeasures for possible corrections and controls. Lastly, you will be able to see the mapping of each threat scenario to its specific attack library framework.
    Download this Resource → https://csaurl.org/k15wcb