Cloud Security
Cloud computing has several benefits like agility, availability, elasticity and a possibility for cost savings as well as leverages leading-edge technologies to meet the information processing needs of our member organizations. However, the change in control dynamics (both in terms of ownership and management) with respect to IT resources poses security challenges.
Objectives
The objectives of the Focus group are:
- Identify security issues and implementation challenges involved in the use of cloud computing services;
- Assist the participants with the adjustment of their organization and internal processes required for migration to the cloud;
- Provide practical approaches for the security management of cloud operations;
- Provide guidance for the application of risk management frameworks to cloud-based information systems; explore various methodologies for cloud security assessments;
- Improve vendor management to obtain more value from the strategic relationship with Cloud Service Providers;
- Enhance the participants’ cloud computing maturity through training and certification activities;
- Capture industry knowledge from both inside and outside the Coalition;
- Keep track of new approaches to cloud security, cloud management, use of AI, posture assessment automation, DevOps, Shift Left, etc.
Topics
Topics dealt with so far included a.o. cloud governance, internal processes and organization, security management of cloud operations, contractual management, training & certification, legal challenges resulting from the Cloud Act and the Data Act, and cloud security tooling.
Practices
The Focus Group generally convenes on a quarterly basis. The meetings are in-person or virtual.
In function of the topics chosen, members of other focus groups may be invited to join the meeting.
External parties such as Cloud Service Providers are invited to discuss items of common interest such as shared audits, terms & conditions, GDPR-compliancy, licenses and their costs, service delivery issues and new developments.
Industry knowledge is brought in from abroad by inviting experts on specific topics.
The sub-group is designing an effective phishing assessment programme to be included as a part of a complete Phishing Deployment Package.
How to join the group
The Cloud Security Focus Group includes practitioners responsible for cloud security implementation within their organization. Eligible profiles include cloud architects, cloud security architects, cloud security engineers, cloud security analysts, and business analysts.