Difference between revisions of "User:Shawndouglas/sandbox/sublevel1"
Shawndouglas (talk | contribs) |
Shawndouglas (talk | contribs) |
||
Line 1: | Line 1: | ||
[[File:Cloud-Security.png|right|400px]]Just as turning to a CSP's [[infrastructure as a service]] (IaaS) offloads much of the responsibility for supporting IT infrastructure to someone else, you can also offload a significant portion of the responsibility for supporting cloud security to someone else. As such, the vendor of managed security services (MSS)—whether it's the CSP itself or a third-party cloud-friendly MSSP—manages cloud-based security aspects such as vulnerability testing, intrusion detection, firewall management, virtual private network (VPN) management, security reporting, and technical support for your cloud implementation. As such, most of your internal IT staff can be freed to focus on other aspects of the business' IT infrastructure and operational developments. | [[File:Cloud-Security.png|right|400px]]Just as turning to a CSP's [[infrastructure as a service]] (IaaS) offloads much of the responsibility for supporting IT infrastructure to someone else, you can also offload a significant portion of the responsibility for supporting cloud security to someone else. As such, the vendor of managed security services (MSS)—whether it's the CSP itself or a third-party cloud-friendly MSSP—manages cloud-based security aspects such as vulnerability testing, intrusion detection, firewall management, virtual private network (VPN) management, security reporting, and technical support for your cloud implementation. As such, most of your internal IT staff can be freed to focus on other aspects of the business' IT infrastructure and operational developments. | ||
But turning to MSS for your cloud implementation should be about more than just staffing relief. Outsourcing security services may also have other perceived benefits to an organization, such as gaining operational and financial efficiency, increasing service availability, and avoiding technological obsolescence.<ref name="FFIEC_Out04">{{cite web |url=https://ithandbook.ffiec.gov/media/274841/ffiec_itbooklet_outsourcingtechnologyservices.pdf |format=PDF |title=Outsourcing Technology Services |author=Federal Financial Institutions Examination Council |publisher=FFIEC |date=June 2004 |accessdate=21 August 2021}}</ref> To be sure, managing [[cybersecurity]] in the cloud is both vital to and difficult for the average organization, particularly small organizations like independent laboratories with constrained budgets. Managing the physical and cybersecurity complexities associated with the likes of the [[Health Insurance Portability and Accountability Act]] (HIPAA), the [[General Data Protection Regulation]] (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) can be daunting, particularly given a lack of sufficient in-house expertise. Throw hybrid and multicloud deployments into the mix, and you suddenly require even more in-house expertise for development in public cloud environments like AWS and Microsoft Azure. When also considering that traditional on-premises IT security experience is not enough to manage cloud implementations, it's not difficult to imagine a scenario where an inexperienced IT staff could misconfigure a network security setting and compromise sensitive data within a cloud implementation.<ref name="TrianzHowMana21" /> | But turning to MSS for your cloud implementation should be about more than just staffing relief. Outsourcing security services may also have other perceived benefits to an organization, such as gaining operational and financial efficiency, increasing service availability, and avoiding technological obsolescence.<ref name="FFIEC_Out04">{{cite web |url=https://ithandbook.ffiec.gov/media/274841/ffiec_itbooklet_outsourcingtechnologyservices.pdf |format=PDF |title=Outsourcing Technology Services |author=Federal Financial Institutions Examination Council |publisher=FFIEC |date=June 2004 |accessdate=21 August 2021}}</ref> To be sure, managing [[cybersecurity]] in the cloud is both vital to and difficult for the average organization, particularly small organizations like independent laboratories with constrained budgets. Managing the physical and cybersecurity complexities associated with the likes of the [[Health Insurance Portability and Accountability Act]] (HIPAA), the [[General Data Protection Regulation]] (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) can be daunting, particularly given a lack of sufficient in-house expertise. Throw hybrid and multicloud deployments into the mix, and you suddenly require even more in-house expertise for development in public cloud environments like AWS and Microsoft Azure. When also considering that traditional on-premises IT security experience is not enough to manage cloud implementations, it's not difficult to imagine a scenario where an inexperienced IT staff could misconfigure a network security setting and compromise sensitive data within a cloud implementation.<ref name="TrianzHowMana21">{{cite web |url=https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works |title=How Managed Cloud Security Works, and Why You Might Want It |publisher=Trianz |date=29 March 2021 |accessdate=21 August 2021}}</ref> | ||
An optimally run set of managed security services by a knowledgeable and experienced organization able to offer and stick to clear, legally defensible service level agreements and information governance mechanisms<ref name="SmallwoodInform14">{{cite book |title=Information Governance: Concepts, Strategies, and Best Practices |chapter=Chapter 1: The Onslaught of Big Data and the Information Governance Imperative |author=Smallwood, R.F. |publisher=Wiley |pages=3–13 |year=2014 |isbn=9781118218303}}</ref><ref name="O'NeillInform15">{{cite web |url=https://www.daymarksi.com/information-technology-navigator-blog/information-governance-a-principled-framework |title=Information Governance: A Principled Framework |author=O'Neill, S. |work=Daymark Blog |date=22 October 2015 |accessdate=21 August 2021}}</ref> makes sense for organizations without the necessary technical expertise and with significant liability should something go wrong. The complexities of running secure operations in the cloud only increase the importance of such an MSSP. Such a provider is able to<ref name="DotsonPract19">{{cite book |title=Practical Cloud Security: A Guide for Secure Design and Deployment |chapter=Chapter 7: Detecting, Responding to, and Recovering from Security Incidents |author=Dotson, C. |publisher=O'Reilly Media |pages=139–71 |year=2019 |isbn=9781492037514}}</ref>: | An optimally run set of managed security services by a knowledgeable and experienced organization able to offer and stick to clear, legally defensible service level agreements and information governance mechanisms<ref name="SmallwoodInform14">{{cite book |title=Information Governance: Concepts, Strategies, and Best Practices |chapter=Chapter 1: The Onslaught of Big Data and the Information Governance Imperative |author=Smallwood, R.F. |publisher=Wiley |pages=3–13 |year=2014 |isbn=9781118218303}}</ref><ref name="O'NeillInform15">{{cite web |url=https://www.daymarksi.com/information-technology-navigator-blog/information-governance-a-principled-framework |title=Information Governance: A Principled Framework |author=O'Neill, S. |work=Daymark Blog |date=22 October 2015 |accessdate=21 August 2021}}</ref> makes sense for organizations without the necessary technical expertise and with significant liability should something go wrong. The complexities of running secure operations in the cloud only increase the importance of such an MSSP. Such a provider is able to<ref name="DotsonPract19">{{cite book |title=Practical Cloud Security: A Guide for Secure Design and Deployment |chapter=Chapter 7: Detecting, Responding to, and Recovering from Security Incidents |author=Dotson, C. |publisher=O'Reilly Media |pages=139–71 |year=2019 |isbn=9781492037514}}</ref>: |
Revision as of 23:39, 3 February 2022
Just as turning to a CSP's infrastructure as a service (IaaS) offloads much of the responsibility for supporting IT infrastructure to someone else, you can also offload a significant portion of the responsibility for supporting cloud security to someone else. As such, the vendor of managed security services (MSS)—whether it's the CSP itself or a third-party cloud-friendly MSSP—manages cloud-based security aspects such as vulnerability testing, intrusion detection, firewall management, virtual private network (VPN) management, security reporting, and technical support for your cloud implementation. As such, most of your internal IT staff can be freed to focus on other aspects of the business' IT infrastructure and operational developments.
But turning to MSS for your cloud implementation should be about more than just staffing relief. Outsourcing security services may also have other perceived benefits to an organization, such as gaining operational and financial efficiency, increasing service availability, and avoiding technological obsolescence.[1] To be sure, managing cybersecurity in the cloud is both vital to and difficult for the average organization, particularly small organizations like independent laboratories with constrained budgets. Managing the physical and cybersecurity complexities associated with the likes of the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and the Payment Card Industry Data Security Standard (PCI DSS) can be daunting, particularly given a lack of sufficient in-house expertise. Throw hybrid and multicloud deployments into the mix, and you suddenly require even more in-house expertise for development in public cloud environments like AWS and Microsoft Azure. When also considering that traditional on-premises IT security experience is not enough to manage cloud implementations, it's not difficult to imagine a scenario where an inexperienced IT staff could misconfigure a network security setting and compromise sensitive data within a cloud implementation.[2]
An optimally run set of managed security services by a knowledgeable and experienced organization able to offer and stick to clear, legally defensible service level agreements and information governance mechanisms[3][4] makes sense for organizations without the necessary technical expertise and with significant liability should something go wrong. The complexities of running secure operations in the cloud only increase the importance of such an MSSP. Such a provider is able to[5]:
- monitor for, identify, assess, and react to vulnerabilities, intrusions, and other threats;
- audit, adjust, and patch native security settings;
- improve encryption, firewall, and anti-malware mechanisms;
- manage and secure connected devices;
- manage and improve identity access management; and
- provide detailed reports about the state of organizational infrastructure.
References
- ↑ Federal Financial Institutions Examination Council (June 2004). "Outsourcing Technology Services" (PDF). FFIEC. https://ithandbook.ffiec.gov/media/274841/ffiec_itbooklet_outsourcingtechnologyservices.pdf. Retrieved 21 August 2021.
- ↑ "How Managed Cloud Security Works, and Why You Might Want It". Trianz. 29 March 2021. https://www.trianz.com/insights/managed-cloud-security-services-how-and-why-it-works. Retrieved 21 August 2021.
- ↑ Smallwood, R.F. (2014). "Chapter 1: The Onslaught of Big Data and the Information Governance Imperative". Information Governance: Concepts, Strategies, and Best Practices. Wiley. pp. 3–13. ISBN 9781118218303.
- ↑ O'Neill, S. (22 October 2015). "Information Governance: A Principled Framework". Daymark Blog. https://www.daymarksi.com/information-technology-navigator-blog/information-governance-a-principled-framework. Retrieved 21 August 2021.
- ↑ Dotson, C. (2019). "Chapter 7: Detecting, Responding to, and Recovering from Security Incidents". Practical Cloud Security: A Guide for Secure Design and Deployment. O'Reilly Media. pp. 139–71. ISBN 9781492037514.