
NSA: Here’s How to Mitigate Cloud Vulnerabilities

Cloud misconfigurations, poor access controls and shared tenancy and supply chain vulnerabilities plague many organizations, and the National Security Agency (NSA) has released guidance to help organizations mitigate these issues.

The NSA offers several tips that organizations can use to address cloud vulnerabilities, such as:

1. Cloud Misconfigurations

  • Leverage cloud service policies to prevent users from sharing data publicly.
  • Deploy cloud or third-party tools to detect misconfigurations.
  • Limit access to cloud resources.
  • Audit data access logs.
  • Restrict data access.

2. Poor Access Controls

  • Use multi-factor authentication.
  • Leverage cloud-based access controls.
  • Avoid the use of application programming interface (API) keys in software version control systems.

3. Shared Tenancy and Supply Chain Vulnerabilities

  • Encrypt data at rest and in transit.
  • Use dedicated, whole-unit or bare-metal instances for sensitive workloads.
  • Choose cloud offerings that have components evaluated against National Information Assurance Partnership (NIAP) Protection Profiles.

MSSPs and Public Cloud Services Security

MSSPs and MSPs can also leverage various solutions to help organizations limit cloud vulnerabilities.

For example, Sophos last month extended its MSP Connect Flex billing options to Cloud Optix, a solution that automatically discovers and secures customer assets stored in Amazon Web Services (AWS), Microsoft Azure and Google Cloud. MSSPs and MSPs can access Cloud Optix via the Sophos Central platform.

Furthermore, BlackBerry Cylance in October integrated CylancePROTECT and CylanceOPTICS with Chronicle Backstory, a Google Cloud-based security platform. This enables MSSPs and MSPs to leverage BlackBerry Cylance endpoint protection, threat detection, prevention and response capabilities in conjunction with a Google Cloud-based security analytics platform.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.
