When managing the security of your cloud, ask the following questions:
- Is your company demonstrating good security hygiene when using cloud services?
- Is the cloud services provider demonstrating good security hygiene in operating the cloud services that you consume?
Refer to the following instructions to better manage your cloud security within the Bitsight platform:
- Go to the Tier Settings page to create a tier for managing your cloud services. We’ll use “Cloud Services” in our examples.
- Depending on the service provider, refer to the following instructions:

Cloud Service Provider | Instructions
---|---
Amazon and AWS | Cloud Services: Explore the AWS Ratings Tree and subscribe to the services that your company uses. Add those subscriptions to your “Cloud Services” tier. Corporate Security: Add Amazon.com Inc to a normal tier.
Rackspace | Cloud Services: Subscribe to Rackspace - Dedicated Hosting and/or Rackspace - Products and Services. Add those subscriptions to your “Cloud Services” tier. Corporate Security: Add Rackspace - Corporate to a normal tier.
Microsoft Office 365 | Cloud Services: Add the services you use from Office 365 to your “Cloud Services” tier. Corporate Security: We have not yet curated a Corporate rating for Microsoft. If you would like to monitor this segment of Microsoft, please contact your Customer Success Manager and they will facilitate an introduction to the Bitsight Strategic Partnerships team.

- Track the cloud IP addresses that are discovered in the Bitsight platform via DNS attribution located in their IP Addresses tab.
Here’s an example of how your portfolio might look after these changes:
 | Your Rating | Cloud Services Tier | Normal Tier
---|---|---|---
Host workloads on EC2 (high responsibility) | Default: rely on DNS-based IP attribution | Subscribe (optional) | N/A
Store critical data on S3 (moderate responsibility) | N/A | Subscribed | N/A
Write event data to DynamoDB (low responsibility) | N/A | Subscribed | N/A
Amazon.com (no responsibility) | N/A | N/A | Subscribed
Recommendations
- If you are interested in having a dialogue with a particular cloud service provider about their rating (which will best reflect the people, processes, and tools that operate the cloud infrastructure), we recommend focusing on the “Corporate” rating as a way to have this conversation.
- For large cloud service providers, we recommend informing your Customer Success Manager in parallel with your outreach so we can offer any guidance along the way.
- Subsequent conversations about the ratings of individual cloud services may help you understand the potential areas that you’ll need to explore within your own company to determine the level of responsibility that you have for securing those resources. See Shared Responsibility with Cloud Service Providers.
- November 15, 2022: Enhanced Ratings now available for CSPs.
- December 2, 2021: Navigation for the Continuous Monitoring application.
- July 27, 2021: Navigation instructions to track cloud IP addresses, “My Infrastructure” changed to “IP Addresses” tab.