What Security Standards/Regulations should be considered when adopting Cloud Technologies?

Posted on August 11, 2023




Cyber security and incident response in cloud environments must adapt to the unique challenges posed by the cloud’s scale, architecture, and multi-tenancy. To manage these complexities effectively, several standards, frameworks and guidelines have been developed.

There are well-established, tried and tested resources that provide structured approaches and best practices for good cloud cyber hygiene and for preparing for, managing and recovering from security incidents. These include the following, which are by no means exclusive or exhaustive in detail:

NIST SP 800-53

  • Description – This publication from the National Institute of Standards and Technology (NIST) provides a comprehensive set of security controls, including those specific to incident response, that federal information systems and organizations should implement.
  • Relevance to Cloud – The controls can be tailored for cloud infrastructures, offering guidelines on how to handle incident detection, analysis, and response.

NIST SP 800-61

  • Description – This is the Computer Security Incident Handling Guide from NIST, which specifically addresses incident response.
  • Relevance to Cloud – It provides a framework for establishing an incident response capability and outlines the key steps involved in handling incidents, with considerations for cloud environments.

ISO/IEC 27017 & 27018

  • Description – Guidelines for information security controls applicable to the provision and use of cloud services, and for implementing measures to protect personal information in line with the privacy principles in ISO/IEC 29100 for public cloud computing environments.
  • Relevance to Cloud – They include specific recommendations for cloud governance and incident response readiness.

ISO/IEC 27035

  • Description – An international standard for information security incident management.
  • Relevance to Cloud – While not cloud-specific, ISO 27035 offers principles, structures, and processes that can be applied to cloud incident response, ensuring a systematic approach to managing security incidents.

Cloud Security Alliance (CSA) Guidance

  • Description – The CSA offers extensive guidance on best practices for securing cloud computing.
  • Relevance to Cloud – It includes specific recommendations for cloud incident response, such as integrating cloud environments into existing incident response plans and leveraging cloud-specific tools.

CSA Cloud Controls Matrix (CCM)

  • Description – A cybersecurity control framework for cloud computing composed of security controls mapped to leading standards, regulations, and best practices.
  • Relevance to Cloud – Within the matrix, there are specific controls dedicated to incident response that cater to the nuances of cloud architectures.

ENISA (European Union Agency for Cybersecurity) Guidelines

  • Description – ENISA provides comprehensive guidelines for Incident Response in cloud environments.
  • Relevance to Cloud – The guidelines cover the preparation, detection and analysis, containment, eradication, and recovery stages specifically designed for cloud systems.

By adhering to recognised frameworks and standards and employing strategic techniques, organizations can enhance their Cyber posture and preparedness for handling and mitigating incidents in cloud environments, thus maintaining operational resilience and safeguarding data integrity.

As a final thought, here is a starter checklist:

  • Automated Security Tools – Utilizing automated tools for real-time threat detection and response, leveraging AI and machine learning capabilities to scale with the cloud environment.
  • Forensic Readiness – Planning and implementing measures that ensure data is available and usable for forensic purposes without infringing on legal requirements.
  • Integration of DevSecOps – Incorporating security as a fundamental part of the development and operational phases in the cloud to ensure continuous security monitoring and incident response.
  • Segmentation and Micro-segmentation – Employing these techniques to contain incidents within a specific zone of the cloud, minimizing the blast radius of security breaches.