Latest Research from Cloud Security Alliance Offers Guidance on Designing Serverless Architecture, Adopting Cloud-Native Key Management Systems
Documents Offer Road Maps to Those Looking to Implement New Systems within Their Organizations
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, released two sets of guidance from its research working groups. The first, How to Design a Secure Serverless Architecture, offers specific security best practices for implementing applications on a serverless platform along with recommended controls application owners should adopt. Recommendations for Adopting a Cloud-Native Key Management System (KMS), meanwhile, provides project and program managers, among others, with general guidance for choosing, planning, and deploying a cloud-native KMS.
Recommended AI News: Cellcom Expands Network With HFR Networks’ flexiHaul Solutions
“Adopting a cloud-native KMS doesn’t need to be more complicated than the adoption of a public cloud service”
Written by CSA’s Serverless Working Group, How to Design a Secure Serverless Architecture [URL] provides application developers and architects, security and risk management professionals, and others involved in administering and securing systems with a set of best practices and recommendations for securing serverless applications. While it offers an extensive overview of a variety of threats, rather than detailing the more generic, cloud-related security aspects, the document focuses on the application owner and the threats facing applications on a serverless platform, specifically those aspects that change as a result of moving to a serverless service.
“IT organizations in nearly every industry are feeling pressure to quickly deliver value, get ahead of the competition, and provide customers with new experiences. Serverless platforms allow application teams to deliver value quickly, without having to manage the infrastructure the application runs on. As this movement gains steam, we can expect to see a proliferation of serverless platforms and more high-value applications being run on these platforms. Security concerns on serverless platforms are only going to grow, and organizations need to understand how to best protect themselves,” said Aradhna Chetal, one of the paper’s co-authors and co-chair of the Serverless Working Group.
Recommended AI News: EY Accelerate For RISE With SAP Will Help Organizations Prepare For What’s Next
Recommendations for Adopting a Cloud-Native Key Management System (KMS), which was written by the Cloud Key Management Working Group, addresses the technical, operational, legal, regulatory, and financial aspects of leveraging a cloud-native KMS, with the goal of optimizing business outcomes, including agility, cost, and compliance. It’s envisioned that the program or project manager will refer to the guidance as they lead their organization through the lifecycle stages covered within the document.
“Adopting a cloud-native KMS doesn’t need to be more complicated than the adoption of a public cloud service,” said Paul Rich, co-chair of the Cloud Key Management Working Group and a co-author of the paper. “However, because a KMS is often a core utility, its adoption warrants the same treatment you would apply to directory and other identity services. Like all information systems, it’s important to have the necessary talent available and give them sufficient time and guidance, all of which will go a long way toward successful adoption.”
Recommended AI News: IRI And Banyan Partner To Unlock New Opportunities For Retailers And Consumers
Comments are closed.