| Follow @lancinimarco | Subscribe to CloudSecList

Cloud Security Strategies

A collection of articles providing actionable advice for anyone looking to establish a cloud security program aimed at protecting cloud native offerings.

For a summarised view of the full list of controls/questions/advice contained in the articles, you can refer to the companion micro-website: https://roadmap.cloudsecdocs.com/

This is the high-level outline of the different sections:

Some actionable advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering.

    • The Goal: a Roadmap for Cloud Security Teams
    • The North Star
      1. Identify
      2. Protect
      3. Detect
      4. Respond
      5. Recover
    • Building the Roadmap
      1. Domains
      2. Controls
        1. Maturity Level 1 - The foundations
        2. Maturity Level 2
        3. Maturity Level 3
        4. Maturity Level 4
        5. Maturity Level 5
      3. Tasks
      4. Putting all Together: The Roadmap

A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components.

    • The challenge of prioritization
    • The Review Process
      1. Phase 1: Cloud Providers
      2. Phase 2: Workloads
      3. Phase 3: Code
    • Let's put it all together
      1. Useful summaries
      2. Document as you go

About

Hi, I'm Marco Lancini. I am a Principal Security Engineer, advisor, investor, and writer mainly interested in cloud native technologies, security, and technical leadership...  [read more] 

Buy me a coffeeBuy me a coffee

Sponsor

CloudSec* Projects

CloudSecBooks CloudSecDocs CloudSecList

Collections

Continuous Visibility into Ephemeral Cloud Environments
Cloud Security Strategies
The CloudSec Engineer - Previews
Kubernetes Primer for Security Professionals

Must Read

What to look for when reviewing a company's infrastructure
On Establishing a Cloud Security Program
Security Logging in Cloud Environments - GCP
Security Logging in Cloud Environments - AWS
Tracking Moving Clouds: How to continuously track cloud assets with Cartography
The Current State of Kubernetes Threat Modelling
Mapping Moving Clouds: How to stay on top of your ephemeral environments with Cartography
So I Heard You Want to Learn Kubernetes

Recent Articles

Migrating Terraform state from Terraform Cloud to S3
Zero Trust Access to Private Webapps on AWS ECS with Cloudflare Tunnel
Serverless Emails with Cloudflare Email Routing
Cyber Security Career Pathways
Serverless Ad Blocking with Cloudflare Gateway

Tags

Twitter Feed