
Cloud Security Strategies

A collection of articles providing actionable advice for anyone looking to establish a cloud security program aimed at protecting cloud native offerings.

For a summarised view of the full list of controls/questions/advice contained in the articles, you can refer to the companion micro-website: https://roadmap.cloudsecdocs.com/

This is the high-level outline of the different sections:

Actionable advice for establishing a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based offering.

    • The Goal: a Roadmap for Cloud Security Teams
    • The North Star
      1. Identify
      2. Protect
      3. Detect
      4. Respond
      5. Recover
    • Building the Roadmap
      1. Domains
      2. Controls
        1. Maturity Level 1 - The foundations
        2. Maturity Level 2
        3. Maturity Level 3
        4. Maturity Level 4
        5. Maturity Level 5
      3. Tasks
      4. Putting all Together: The Roadmap

A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components.

    • The challenge of prioritization
    • The Review Process
      1. Phase 1: Cloud Providers
      2. Phase 2: Workloads
      3. Phase 3: Code
    • Let's put it all together
      1. Useful summaries
      2. Document as you go