Hi All,
NSA and CISA just published Implement Network Segmentation and Encryption in Cloud Environments
Network security is a crucial component for cloud users to configure properly. Historically, network security practices have focused on perimeter security, with few additional restrictions once authenticated to an organization's internal network and the acceptance of unauthenticated and vulnerable "internal" protocols. Over the years, this has changed with the push to adopt Zero Trust (ZT) security principles such as:
Tying identity information into network requests
Implementing end-to-end encryption
Micro segmenting the network
This cybersecurity information sheet (CSI) makes recommendations for implementing these principles in a cloud environment, which can differ from on-premises (on-prem) networks. While on-prem networks require specialized appliances to enable ZT, cloud technologies natively provide the necessary infrastructure and services for implementing these recommendations to varying degrees. This CSI focuses on best practices using features commonly available in cloud environments.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------