Tips for Applying NIST Best Practices in the Public Cloud
When it comes to cloud, there are often questions about where the responsibility lies for protecting and securing the data it contains. If you rely on an AWS public cloud, for example, to retain your data – is security your responsibility or theirs?
The division of roles for cloud security is simple if you think of it like a public storage facility. You may be given a storage unit with a door and a key, but the contents you store in the unit are packed in your boxes and moved in your car or truck. The stuff you store is yours, so it’s up to you to pack it well, wrap the glasses so they don’t break and stack the boxes so that nothing gets damaged.
So it is with the public cloud. You’re responsible for the security “in” the cloud. Items including network traffic, user activities and resource configurations are yours to manage and not the responsibility of the cloud provider.
Just like the storage facility, however, there are other aspects that are the responsibility of the cloud service provider. For your storage unit, it’s the storage facility company’s job to maintain the roof so your contents don’t get wet, have insurance to protect you from physical disaster, or maintain the doors and locks so that no one can break in.
In the cloud, the cloud service provider should follow this same philosophy, maintaining responsibility for the security “of” the cloud. It’s up to them to have properly performing routers, switches and hubs. It’s also their responsibility to provide the hypervisor and data center infrastructure for you to properly, and securely, maintain your data.
While it’s a shared responsibility, there are clearly defined roles for the organization and cloud provider alike. Only when both follow their specific roles will your data be truly secure. But how can you ensure that everyone is following their defined role? Consider implementing NIST best practices.
Enter the Role of NIST
What is NIST? NIST is a set of optional standards, best practices, and recommendations for cybersecurity that aims to standardize practices for uniform protection of all US cyber assets. At its core is the voluntary Cybersecurity Framework (CSF) that affects anyone who makes decisions about cybersecurity in their organization. This thorough documentation provides a valuable guideline to help each organization promote the protection and resilience of critical infrastructure.
Offering specific guidance for improving critical infrastructure cybersecurity, the NIST CSF outlines practices in the following key areas: identify, protect, detect and respond. The challenge is that the framework doesn’t specifically spell out best practices for the public cloud. It does, however, deliver significant guidance that applies to cloud-based data – if you know how best to follow it.
To learn how to apply the NIST CSF guidance – in the areas of identify, protect, detect and respond – to your public cloud data, watch the following on-demand webinar:
Here you’ll learn how to apply NIST CSF guidance for your public cloud data for the secure environment your organization demands.