Cloud Security Knowledge Sharing By Guy-Bertrand Kamga

To promote a Secure Cloud-Based Digital Transformation

Tag: Cloud Security Policy

Defining Effective Cloud Security Baseline

One key aspect of an effective Cloud Security Strategy is to have an organizational Cloud Security Policy defined and enforced.

An organization adopting cloud technologies without an effective Cloud Security Policy will certainly put its entire organization at risk.

I released an article entitled “How to define and implement an effective Cloud Security Policy” on the Peerlyst security community, showing how an organization can formalize how it wants to benefit from cloud technologies without jeopardizing its assets.

To facilitate and support a seamless & effective application of its Cloud Security Policy, an organization should define the subsequent Cloud Security Baselines, describing how its Cloud Security Policy should be implemented within each main cloud platform or solution.

For this purpose, I released a couple of articles on the Peerlyst security community that share some insights about the establishment of effective Cloud Security Baselines.

Those articles include:

  1. How to define effective Cloud Security Baselines
  2. How to define effective Cloud Security Baselines – Part 2
  3. How to define effective Cloud Security Baselines – Part 3: Application to Microsoft Azure

Pyramidal view of Cloud Security Risks

As I described in most of my previous articles, defining and implementing an effective cloud security strategy requires the involvement of several stakeholders within and outside of an organization.

Indeed, defining and implementing the cloud security strategy within an organization should include people from diverse entities, including:

  • Business Groups or Units
  • Information Technology (IT)
  • Cyber Security
  • Procurement and Supply Chain
  • Legal & Compliance
  • External partners (Cloud Service Providers, IT partners, Managed Service Providers, etc.)

On the one hand, having all these diverse profiles involved ensures that most aspects will be taken into account in the cloud security strategy. On the other hand, it may lead to endless debates, as the members will not have the same level of knowledge of cloud computing.

In this article posted on the Peerlyst community, learn about the common stakeholders’ positions or attitudes with regard to cloud security, as well as the multi-level or pyramidal view of cloud security risks.

Key Management Models for Public Cloud Services

Key management is one of the important aspects a Cloud Service Customer (CSC) should carefully address in order to enable proper data protection in public cloud environments.

There are several possible key management models or strategies that can be used, depending on your business requirements and risk appetite.

In this article I published in the Peerlyst community, you can learn different strategies for key management in the public cloud, as well as examples of baseline policies for managing encryption keys in public cloud services.

Tips for cloud security policy definition and implementation

Cloud security policy is a key item of a cloud strategy as it drives all the cloud security activities required within an organization to ensure a secure and safe journey to the cloud.

If you are looking for a methodology to define and implement an effective cloud security policy for your organization or for one of your customers, this article I published on the Peerlyst community might be of interest to you.