As the global cloud computing market matures, enterprises are developing new cloud security models to account for a different set of IT risks and challenges. Many have retrofitted traditional infrastructure security models or relied on models put out by non-profit cybersecurity organizations.
Recently, IANS (Institute for Applied Network Security) recently teamed up with Securosis and the Cloud Security Alliance to develop a Cloud Security Maturity Model. This model provides a diagnostic tool to help organizations understand what their cloud security journey looks like, and more importantly, to be able to consciously determine how mature they want to be for each category.
Explore IANS’ Cloud Security Maturity Model Diagnostic Tool. (The diagnostic is free, but you have to register.)
Many security and compliance frameworks (i.e. HIPAA) are focused on basic tools and results (i.e. “Install antivirus”) versus how these standards are maintained over time. We like that the IANS model focuses on infrastructure automation and management rather than on tool usage.
The value of the diagnostic is that it leads you through each of the 11 “Factors”, including Account Security, IAM, Monitoring, and Development Processes, and then through each guideline (ex. in Development Processes, “Use of a standard DevOps pipeline with security integrated directly into project templates”).
We expect that this IANS model will be a go-to resource for organizations and cloud security professionals who want an objective framework for cloud security.
Logicworks helps companies build, automate, and manage AWS and Azure cloud environments. We specialize in compliance services for highly regulated industries. To learn more, visit our website at www.logicworks.com.