Creating Cloud Security Solution
Chandan Lal Patary
Leading the Way in Business Transformation | Author of 8 Practical Guides | The Scrum Master Guidebook | The Product Owner Guidebook | The High Performance Team Coaching Guidebook | The Leadership Guidebook
My colleague is a part of a team who are working out the cloud security solution!
He was coaching the team to strengthen the solution's capability
During his coaching program, he was learning as well as coaching cloud security team members
Reshma is the product owner for the Cloud security solution design team
Mr. Coach was chatting with Reshma on Cloud security Soltion
Reshma, what are the initial ones we should consider for a Cloud security solution?
Mr. Coach, I would first find the users, assets, business environment, policies, vulnerabilities and threats, and risk management strategies (business and supply chain) that exist within our cloud environment.
I will assess the situation and check their advancement
Great Reshma
What next?
Mr. Coach,
I will describe parameters and policies implemented across users, data, and infrastructure to serve and manage the overall security posture.
This will safeguard that controls are in place
Great Reshma
What next?
Mr. Coach,
I will spell out the control responsibilities, security configurations, and security baseline automation.
I will incorporate industry standards and regulatory components into the architecture and ensure standards and regulatory responsibilities are matched.
I will preserve and secure traffic in and out of the organization’s cloud-based resources, comprising connection points between the corporate network and the public internet.
Great Reshma
领英推荐
How do we validate all of these?
That is a valuable question, Mr. Coach
We will do the initial penetration test. It allows organizations to assure citizens about the security of their data, as privacy laws involve.
We will do a segmentation check is an array of penetration tests used to validate that less-secure networks are not able to communicate with high-secure networks. we are testing the controls to make sure the segmentation in the business is working properly and doesn’t have any security holes.
we will also verify the enumeration of vulnerabilities and risks that are accessible from the Internet – the “hacker’s perspective” – and include expert manual validation and penetration testing.
Great Reshma
What next?
I will establish understanding, visibility, and control of all users (people, devices, and systems) that access corporate assets. Permits enforcement of access, permissions, and protocols.
I will safeguard data at rest and?crossing?between internal and external cloud connection points is encrypted to lessen breach impact.
That is sounds interesting!!
Is there any automation with the tool available?
Great question Mr coach!!
We will secure activities and regular observation (usually automated) of all activity on connected systems and cloud-based services to ensure compliance, visibility into operations, and awareness of threats.
We will integrate tools and processes to ensure visibility across an organizations multiple cloud deployments.
It was a nice exchange?Reshma, I?am sure you will incorporate all these during the design phase itself.
Yes, Mr. Coach, we ensure architecture design is amply agile to develop and incorporate new components and solutions without sacrificing essential security.
30 mins discussion was excellent insights about the cloud security solution that are in place for the team
What more can be done for Reshma to be well prepared for the solution?