The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to release five joint cybersecurity bulletins, offering comprehensive guidance on best practices for securing cloud environments. Cloud services have gained widespread adoption in the enterprise, providing managed servers, storage, and applications, alleviating the need for organizations to manage their own infrastructure. The prevalence of cloud services has led to developers offering both on-premise and cloud-hosted versions of applications, catering to varied administrative preferences. The jointly issued guides address critical aspects such as identity and access management, secure key management practices, data encryption, cloud storage management, and risk mitigation from managed service providers.
These cybersecurity information sheets (CSIs) provide actionable recommendations, including configuring multi-factor authentication, secure storage of credentials, partitioning privileges, secure key management solution configurations, implementing network segmentation and encryption in cloud environments, securing data at rest, and mitigating risks associated with managed service providers. As cloud services remain prime targets for threat actors due to their storage of valuable data and potential pivot points to internal networks, the release of these CSIs underscores the importance of adopting robust security measures. Notably, the collaboration between NSA and CISA aims to enhance the cybersecurity posture of organizations leveraging cloud services, offering insights into emerging threats and reinforcing defenses against potential attacks.
