Do not index
Do not index
Today, when it comes to security due diligence and on-going operational security visibility of cloud services, enterprise security pros are acting out the childrens game, Pin the Tail on the Donkey.
With security policy in hand, we’re groping around, blindfolded by a lack of security visibility whilst disoriented by the scale and combination of new (and old) technologies and service models. The Cloud Donkey – known for a strong sense of preservation – looks on.
The problem is that there are many donkeys, and even more tails. Worse, we’re all trying to stick different tails on the same donkeys.
If we don’t like what we’re (not) seeing, we can either moan about our predicament or try to change things. Like collaborating with others that share the same concerns to develop the “Audit, Assertion, Assessment, and Assurance API (A6)” for cloud services.
If you’re a security pro, don’t be an ass, join the A6 security group.
Written by
Independent Cloud Security Consultant. Advisor to Cloud Security Alliance. Former Group Security CTO at Barclays. Founder of GE Red Team