I'd say this is an over generalization.
We have a significant annual spend on cybersecurity in the cloud, not including SOC employees (who ain't cheap). The idea that everyone thinks that the cloud providers are providing all the security is a pretty big leap.
Security is a function of design and best practice, as well as continuous awareness of the treats your infrastructure faces in operational environments, on prem, in the cloud or anywhere else. I think the vast majority of professionals are WELL aware of this fact.
------------------------------
Jonathan Flack Managing Director, ACM, CNCF, CSA
------------------------------
Original Message:
Sent: Apr 28, 2023 09:36:47 AM
From: kabanda Richard
Subject: Have your say - Discussion Draft of the NIST Cybersecurity Framework 2.0 Core
Hi Nya,
Thanks for sharing.
Many companies today see security as the biggest challenge for cloud adoption, A lot has changed after the COVID-19 Pandemic and unfortunately, NIST has little to say about the threats to cloud environments or securing cloud computing systems. Remember as IT security experts, we take the NIST CSF as the golden standard and we believe that once you are compliant with it, then you are safe for the biggest percentage. Also, many of our users tend to ignore the security of their devices because they're connecting to a cloud provider whom they think is totally in charge of their security. Some guidelines may be needed here.
-- Thanks and regards,
Richard Kabanda
MS. Cybersecurity & Networks Student
Original Message:
Sent: 4/27/2023 12:15:00 PM
From: Nya Murray
Subject: Have your say - Discussion Draft of the NIST Cybersecurity Framework 2.0 Core
This is a significant update on V 1 - worth reading and contributing. Discussion Draft of the NIST Cybersecurity Framework 2.0 Core
In the past, the SDP Working Group responded collectively - small group, good communication, good cohesion of ideas, able to collaborate.
------------------------------
Nya Murray
Director
Trac-Car
------------------------------