Chapter 3 - Analyze and Document your cloud deployment
As we reviewed in Chapter 2 the need to understand your workloads, business units and associated data/information is a critical step. Organizations need to understand what is needed within a cloud deployment to ensure they secure their workloads against their own risk appetite as well as against any regulatory, legislation and industry specific requirements.
This chapter will look at how do we rationalize our security requirements, what data protections we need to implement and how does our security deployment architecture help treat and/or remediate the security controls and data protections we are required to deploy.
Key elements we will review within this chapter are how can organization Analyze and Document their security requirements (e.g. ISO, PCI, etc.) - The step will document Cloud Control Inherency and document customer controls operated in a cloud customer environment.
We will also define data protections and controls which can drive the data security (e.g. PHI, PII, CJI, etc.), configuration requirements for cloud services such as encryption, dedicated instances, the use of multi-factor authentications, etc. The output will be a document security Architecture which will outline the processes, service and security ...