Providing customers with additional strategy of their organization’s approach to security and instrumental in enabling providers with the ability to communicate security best practices and countermeasures, cloud security frameworks outline the policies, tools, configurations, and rules paramount to the effective adoption and security management of an organization’s cloud infrastructure.
In tandem with network, endpoint, and DLP tools, cloud security frameworks aid in providing organizations with a holistic approach to security that identifies what sensitive data requires protection, its location, and the method with which it is secured.
Cloud Security Frameworks Vs. Compliance Frameworks
While similar to cloud security frameworks, cloud compliance differs in its primary concern of meeting regulatory standards applicable to data that is handled and stored by an organization. In congruence with best practices and depending on the needs of an organization, adding a cloud security framework that extends beyond the minimum mandated requirements found in a compliance framework is imperative for comprehensive and complete data loss prevention.
Generally applicable frameworks include those for governance (COBIT), architecture (SABSA), management standards (ISO/IEC 27001), and NIST’s Cybersecurity Framework, with additional specialized frameworks available depending on use case. In healthcare, an example of a specialized framework is HITRUST’s Common Security Framework.
Cloud Security Framework Examples
An executive order established to reduce risk to critical infrastructure, the NIST (National Institute of Standards of Technology) policy framework is widely used and consists of five critical pillars:
- Identify: Understand organizational requirements and complete security risk assessments.
- Protect: Implement safeguards to ensure your infrastructure can self-sustain during an attack.
- Detect: Deploy solutions to monitor networks and identify security-related events.
- Respond: Launch countermeasures to combat potential or active threats to business security.
- Recover: Create and deploy procedures necessary to restore system capabilities and network services in the event of a disruption.
What is a Cloud Security Architecture?
A written and visual reference on how to configure a secure cloud development, deployment, and operation, cloud security architectures provide a model that defines how an organization should handle the following:
- Identify users and manage access
- Determine appropriate security controls to protect applications and data across network, data, and application access.
- Attain visibility and insights into security, compliance, and threat posture.
- Cement security-based principles into the development and operation of cloud-based services.
- Maintain strict security policies and governances to meet compliance standards.
- Establish physical infrastructure security precautions.
Beneficial for organizations using multiple cloud platforms (such as Google Workspace, Slack, and AWS) or migrating legacy storage systems, cloud security architectures simplify and visually outline accompanying and in some cases multiple and varying security configurations and elements.
Best Approach to Cloud Security
When deciding the best approach to cloud security, qualifiers should include the compliance standards applicable to an organization’s industry and the type of data it’s required to protect. Second to establishing an appropriate compliance framework, additional cloud security and architecture frameworks can be layered for a level of security that extends beyond minimal compliance and into the depth, scope, and strategy necessary to meet the demands and threats and unique to each organization.
Connect with the author