Regulatory Compliance in the Cloud: What you Need to Know 

4 years ago Chris Hudson

Anyone reading this post will have at least dipped their toes into the world of cloud services. Given how quickly cloud adoption has grown, the world of compliance has spent much of the last decade catching up with the implications of cloud services.

For hosted infrastructure, "catching up" presents an interesting set of challenges, since cloud-managed environments are often updated more rapidly and may offer only limited options for managing their security surface area. But that doesn't mean organisations can claim they are safe just because their data is held or managed by a reputable cloud services provider. Fortunately, most of the security world is well aware of this, and most compliance policy providers have correspondingly stepped up to help secure cloud workloads.

Compliance Organisations and Standards for the Cloud 

For those who are just getting started, or thinking about maturing their security posture, it might be unclear what the exact compliance requirements are for hardening their environments as they move to the cloud. The reality is that most of the organisations from the traditional IT world of compliance have extended their coverage to consider what "secure" looks like in the age of cloud computing, including:

COBIT 

“COBIT is the acronym for Control Objectives for Information and Related Technologies. The COBIT framework was created by ISACA (the Information Systems Audit and Control Association – an international professional association focused on IT governance) to bridge the crucial gap between technical issues, business risks and control requirements” 

FedRAMP 

“The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” 

NESA 

The National Electronic Security Authority (NESA) — the federal authority for United Arab Emirates (UAE) that’s charged with strengthening the nation’s cybersecurity measures — is making greater strides to protect critical sectors against cyberattacks. 

NIST sp800-171/sp800-53 

NIST SP 800-171 is a NIST Special Publication that provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI). Defense contractors must implement the recommended requirements contained in NIST SP 800-171 to demonstrate their provision of adequate security to protect the covered defense information included in their defense contracts.

PCI DSS 

“The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.”  

SOX  

“Part of the SOX internal controls includes a company’s IT procedures including things such as who has access to what data, where and how is the data stored, how is data integrity maintained, etc.” 

Many of these names will already be familiar to those who have sought to pass a compliance audit for on-premises infrastructure, so it's perhaps not surprising that many of these policy organisations offer coverage for cloud-first operating systems such as Amazon Linux, a key component in AWS server environments. Microsoft's ever-popular Windows Server operating systems are likewise covered by almost every policy provider.

Compliance – Getting Started on the Journey

So what is there to consider once you’ve identified what your compliance goals are and you’ve expanded into the cloud? The first important consideration is that whilst many cloud vendors will support a number of security controls and best practice settings out-of-the-box that will help protect you, most compliance policies will suggest stricter than “default” regimes to ensure that your data is kept safer still and keep you on the right side of the law.  

Getting started with policy compliance need not be difficult though and getting those hardened configurations in place might take less time than you might first think. Automated tools to assess and even guide you on how to resolve areas of your configuration that are non-compliant are widely available and can give you a significant head-start in comparison to manual compliance checks on individual machines, especially as your cloud workload grows. 

Compliance – Regulation and Risk 

Whilst compliance might feel like a chore for many, in reality it should be right at the top of your security checklists for two major reasons.

First of all, regulation will often mandate particular levels of compliance to show that you are doing things right, and it is these compliance standards that regulation will often lean upon to demonstrate your engagement with security best practices.

But the second reason might be the more important one in today's cloud environments: being caught out by an audit or a breach can seriously hurt your firm financially, as well as damaging trust in your organisation. An always-on, cloud-powered solution does not change the need for compliance, and it is highly likely that the controls you've seen before with traditional infrastructure will remain every bit as important, or perhaps even more so. As a result, there really is no excuse to skirt compliance requirements.

Ultimately, assessing and working to improve your compliance with the relevant standard is a key step towards a good security foundation, and one we should all be catching up on in the era of cloud computing.

The post "Regulatory Compliance in the Cloud: What you Need to Know" appeared first on TripWire.

Source: TripWire – Chris Hudson
