Cloud security is a journey, not a destination. The guidance offered by the NSA is a critical step in raising awareness and provides insight, so organizations know where to prioritize and optimize their security resources.
In late January 2020, the US National Security Agency (NSA) released guidance for Mitigating Cloud Vulnerabilities. The document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass many of the known vulnerabilities. It states that cloud customers have a critical role in mitigating misconfiguration and poor access control but can also take actions to protect cloud resources from the exploitation of shared tenancy and supply chain vulnerabilities. This eBook provides a summary of its findings and recommendations.