Hi All,
NSA CISA just published Use Secure Cloud Identity and Access Management Practices
Users seeking alternatives to traditional on-premises (on-prem) infrastructure and services have turned to cloud technology increasingly over the years. These on-demand services allow for remote storage, compute resources, and sharing of data between authorized users that enables a wider range of collaboration and mission flexibility. However, cloud environments pose unique security challenges. Proper identity protection practices and access control policies are necessary to help provide integrity and confidentiality of data in the cloud. Malicious cyber actors (MCAs) frequently target cloud environments due, in part, to their remote nature and shared security models. The purpose of this cybersecurity information sheet (CSI) is to explain some of the common threats to cloud identity management, and to recommend best practices organizations should employ to mitigate these threats when operating in the cloud.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------