home.aspx
   
 
. https://www.meritalk.com/articles/security-compliance-tools-will-be-crucial-part-of-agencys-push-to-cloud/
blog article
SECURITY COMPLIANCE TOOLS WILL BE CRUCIAL PART OF AGENCY’S PUSH TO CLOUD
A growing challenge for development and security operation teams (DevSecOps) as they move workloads to cloud infrastructures is how to ensure that functions in the cloud adhere to their agency’s compliance and security policies. Cloud infrastructures are flexible and offer opportunities for settings to be changed or misconfigured, opening more access points for data breaches, system downtime, and costly compliant violations. As enterprises and government agencies migrate to the cloud, there is no clear network perimeter as there might have been for workloads in traditional data centers. “That is largely because when you go to the cloud everything is software-defined,” said Phillip Merrick, CEO of Fugue, a developer of security and compliance software. “Everything that was physical hardware in the datacenter, you don’t have anymore. It is all defined by software through APIs [application programming interfaces] or infrastructure as code. It’s really important that you get it right,” he said. Agencies should have a comprehensive set of security polices for operating in the cloud, such as all data at rest must be encrypted, and there should be no open ports on virtual machines. Organizations might have strong security policies, but the IT teams that are deploying that infrastructure in the cloud might not be aware of all the policies, and through ignorance might not properly configure settings from the start. READ MORE