
Regulatory Compliance in the Cloud: What you Need to Know
Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of the massive growth in these services, the world of compliance has spent much of the last decade catching up with their implications.
For hosted infrastructure, “catching up” presents an interesting set of challenges, since cloud-managed environments are often updated more rapidly and might offer only limited options for managing their security surface area. But that doesn’t mean organisations can claim they are safe just because their data is held or managed by a reputable cloud services provider. Fortunately, most of the security world is well aware of this, and most compliance policy providers have correspondingly stepped up to help secure cloud workloads.
Compliance Organisations and Standards for the Cloud
For those who are just getting started or thinking about maturing their security posture, it might be unclear what the exact compliance requirements are for hardening their environments as they move to the cloud. The reality is that most of the organisations from the traditional IT world of compliance have extended their coverage to consider what secure looks like in the age of cloud computing, including:
COBIT
“COBIT is the acronym for Control Objectives for Information and Related Technologies. The COBIT framework was created by ISACA (the Information Systems Audit and Control Association – an international professional association focused on IT governance) to bridge the crucial gap between technical issues, business risks and control requirements”
FedRAMP
“The Federal Risk and Authorization Management Program (FedRAMP) is a United States federal government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.”
NESA
The National Electronic Security Authority (NESA) — the federal (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Hudson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/regulatory-compliance-cloud/