Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Adding Cloud Services to Your Portfolio

Avatar
Ingrid
Follow
  • November 15, 2022: Enhanced Ratings now available for CSPs.
  • December 2, 2021: Navigation for the Continuous Monitoring application.
  • July 27, 2021: Navigation instructions to track cloud IP addresses, “My Infrastructure” changed to “IP Addresses” tab.

When managing the security of your Cloud, ask the following questions:

  • Is your company demonstrating good security hygiene when using cloud services?
  • Is the cloud services provider demonstrating good security hygiene in operating the cloud services that you consume?

Refer to the following instructions to better manage your cloud security within the Bitsight platform:

  1. Go to the Tier Settings page to create a tier for managing your cloud services.
  2. We’ll use “Cloud Services” in our examples. Depending on the service provider, refer to the following instructions:
    Cloud Service Provider Instructions
    Amazon and AWS Cloud Services Explore the AWS Ratings Tree and subscribe to the services that your company uses. Add those subscriptions to your “Cloud Services” tier.
    Corporate Security Add Amazon.com Inc to a normal tier.
    Rackspace Cloud Services Subscribe to Rackspace - Dedicated Hosting and/or Rackspace - Products and Services. Add those subscriptions to your “Cloud Services” tier.
    Corporate Security Add Rackspace - Corporate to a normal tier.
    Microsoft Office 365 Cloud Services Add the services you use from Office 365 to your “Cloud Services” tier.
    Corporate Security We have not yet curated a Corporate rating for Microsoft. If you would like to monitor this segment of Microsoft, please contact your Customer Success Manager and they will facilitate an introduction to the Bitsight Strategic Partnerships team.
  3. Track the cloud IP addresses that are discovered in the Bitsight platform via DNS attribution located in their IP Addresses tab.

    Navigation Options

    CM App: Vendor Risk ➔ Infrastructure ➔ IP Addresses

Here’s an example of how your portfolio might look after these changes:

Example Service Provider Segmentations

Recommendations

  • If you are interested in having a dialogue with a particular cloud service provider about their rating (which will best reflect the people, processes, and tools that operate the cloud infrastructure), we recommend focusing on the “Corporate” rating as a way to have this conversation.
  • To provide a better representation of the provider’s security posture, select providers have an Enhanced Rating.
  • For large cloud service providers, we recommend informing your Customer Success Manager in parallel with your outreach so we can offer any guidance along the way.
  • Subsequent conversations about the ratings of individual cloud services may help you understand the potential areas that you’ll need to explore within your own company to determine the level of responsibility that you have for securing those resources. See Shared Responsibility with Cloud Service Providers.

Related articles