Cloud security best practices
There are separate SaaS best practices, PaaS best practices and IaaS best practices. Organizations should also adhere to a number of general cloud security best practices, including the following:
- Understand the shared responsibility model, including the responsibilities of your CSPs and your security team.
- Choose your CSPs wisely. Know what security controls they offer, and review contracts and service-level agreements (SLAs) diligently.
- Adopt a strong, granular IAM policy to control who has access to what. Employ the principle of least privilege (POLP), and require strong passwords and 2FA or MFA.
- Encrypt data at rest, in use and in motion.
- Maintain cloud visibility through continuous monitoring.
- Understand cloud compliance requirements and regulations.
- Establish and enforce cloud security policies.
- Conduct security awareness training for employees, third-party partners and anyone accessing organizational cloud resources.
- Segment clouds and workloads.