Get a Handle on Implementing Critical Cloud Security Controls with New Guidelines

Anthony Freed
By | October 11, 2012

Posted in: Network Security Trends

Cloud computing offers companies the opportunity to cut costs by reducing outlays in hardware and by reducing the number of support staff required for maintenance of in-house data centers. But the move to the Cloud can be daunting for many organizations, who in study after study cite security concerns as the primary obstacle to migrating to managed service platforms.

In an effort to assist organizations in evaluating virtual and cloud infrastructure options, the Center for Internet Security (CIS) enlisted a panel of experts to produce key guidelines that are outlined in the recently released Quick Start: Cloud Infrastructure Benchmark report.

The recommendations are "designed for use by organizations and individuals in the public and private sectors to help them make informed decisions about navigating to the cloud and making sure the necessary security controls are in place for IT infrastructure in the cloud," according to a CIS press release.

The benchmark contains more than two-dozen recommended best practices covering a wide range of issues including patch management, access control assurance, and resource allocation, all in a format that is vendor and product neutral and which can be applied to any service platform.

"The Guide includes input from organizations representing the full spectrum of cloud operations, including infrastructure hosting, systems implementation and integration, and security assessment and audit," CIS notes in the press release.

CIS is a non-profit group established to promote expert collaboration regarding cybersecurity readiness and response initiatives. CIS runs the Multi-State Information Sharing and Analysis Center, and the Trusted Purchasing Alliance - both of which are IT security resources for state, local, territorial, and tribal governments - as well as the Security Benchmarks Division, which produced the Cloud benchmark study.

"Regardless of whether a user or organization manages its own security environment or outsources it, the need for security controls in the cloud is essential. Our purpose of this collaborative effort was to produce a clear set of recommendations that help people identify the most critical security steps to improve their security in the cloud," stated CIS President and CEO William F. Pelgrin.

The Quick Start: Cloud Infrastructure Benchmark is available for download at the CIS website.

You May Also Be Interested In: