Cloud Critical Controls

January 31, 2018

It’s no secret – organizations are moving to the cloud faster than their security teams can secure it. The daunting task of catching up to the security needs of the cloud can overwhelm and frustrate security professionals and business transformation leaders. While a thorough cloud security strategy is an essential part of cloud adoption, this process can take more than a year to implement. During this period, cloud adoption will continue to happen without any validated security program. While many cloud architects and developers will follow established “best practices,” there is little to no validation or verification that can be applied to the security work done.

What’s needed is a set of baseline cloud security controls and capabilities that can be applied to any cloud environment to establish a minimum level of security competency. More than a simple control matrix, the cloud critical controls lay out provider-specific capabilities that can be implemented without slowing down the DevOps process.

Optiv has established a comprehensive cross-platform set of cloud critical controls based on a combination of the Cloud Security Alliance’s Cloud Control Matrix (CCM), the Center for Internet Security (CIS) consensus-based benchmark and our own experience. Implementing critical security controls for the 10 cloud domains listed below will give your organization insight into the following questions:

Architecture: Is your architecture designed for cloud consumption? Do you fully understand the “shared responsibility model”?

Identity and Access Management: Are you giving too much access privilege to users? How are you maintaining user access?

Data: Is your data protected at all times? What is your level of visibility into how, and with whom, different types of data are being shared?

Visibility: How are you monitoring the usage of cloud applications and the transfer of data for malicious activity?

Threat Protection: Do you have processes in place to address the full lifecycle from identification, analysis, treatment, risk management and resolution?

Application Security: Do you follow a software development lifecycle (SDLC) and a stage-gate process during development? What security architecture principles define your development of applications?

Governance, Risk and Compliance: Have you built baseline security requirements for your cloud implementation? How do you deal with deviations from them?

Incident Response: How do you respond to incident-level alerts from verification to event closure as a holistic enterprise incident management function?

Business Resilience (Business Continuity and Disaster Recovery): Do you have a consistent unified framework for addressing business resiliency, including disaster recovery, continuity and reliability as it relates to cloud workloads (and security)?

Legal and Privacy: How do you address legal and privacy considerations such as the EU General Data Protection Regulation (GDPR), data sovereignty, and other applicable local and regional regulations in the cloud?

Many of these controls can be verified through the cloud providers’ APIs, delivering continuous validation. Others will help establish baseline policies and awareness that can be applied with minimal effort. These critical controls, covering cloud service providers such as AWS, Azure and Office 365, are maintained on a regular basis and updated to reflect new security feature releases from the cloud providers.

While not a complete cloud security program, implementing security controls in each of these cloud domains is a strong start to a comprehensive cloud security program.

By: John Turner, Senior Director, Cloud Security

John Turner is an accomplished IT executive with more than 20 years of leadership and operational IT experience. As senior director of cloud security enablement at Optiv, Turner leads a team of cloud architects that is responsible for helping to ensure the successful integrated delivery of cloud security solutions. Turner plays a key part in bringing different areas of Optiv’s team together to deliver seamless cross-practice wins. Turner also works as part of the cloud leadership team to define Optiv’s strategy and product portfolio.