Hi All,
The NSA just published Uphold the Cloud Shared Responsibility Model.
The threat landscape of the cloud differs from that of a traditional on-premises environment. An increasing reliance on the cloud brings new complexities and security challenges, and as a result, adversaries are increasingly targeting these environments. Customers often incorrectly assume that the cloud service provider (CSP) manages important aspects of safeguarding resources in the cloud that are not the CSP's responsibility. CSPs provide highly automated, software-defined, and application programming interface (API)-driven platforms that "do what they're told" by customers without any human oversight on the CSP side.
Misconfiguration and lack of security controls are significant risks in cloud environments. Both the customer and the CSP are accountable for securing cloud environments. The shared responsibility model outlines the different responsibilities between the customer and the CSP. Good cloud security results from understanding those responsibilities and upholding them in partnership. The purpose of this cybersecurity information sheet (CSI) is to educate and inform the audience regarding a security and compliance cloud framework that outlines the responsibilities of both the CSP and the customer with securing every aspect of their selected cloud instance.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------