Cloud Security; Ask This:
Organized By Key Themes: Security, Management, Risk, Cloud, Data, Software, Development, Technology, Network and Project:
SECURITY:
How do your organization's risks and controls align with the prospective vendor's?
Create a visionary architecture roadmap and organizational strategy to align cloud and security teams with engineering, product management and other business teams.
What are the policies and practices of the service provider for dealing with malicious tenants?
Serve as point of contact to enterprise IT teams working through all phases of the system development life cycle to support the integration of information security requirements and best practices.
Are your encryption keys maintained by the cloud consumer or a trusted key management provider?
Design and implement network intrusion detection (IDS), data loss prevention (DLP), cloud access security broker (CASB), and other relevant solutions to strengthen Information Security posture.
What do you recommend for users?
Make recommendations to strengthen the security posture of your computing environment as well as recommend process and technology improvements to ensure timely response to future Data Leakage security incidents.
Does the solution support multiple instances of the same cloud app inside an organization?
Lead engagement with IT stakeholders, business management, and other strategic partners to support the design, development, and deployment of enterprise Information Security solutions that span multiple technologies and disciplines.
How can organizations design and implement cloud security framework and architecture?
Design, deploy and operate the Security-as-a-Service and work with product engineering, IT infrastructure, and business application development organizations to implement adequate security controls under guidance of corporate security policies and standards.
Are your employees bringing their own devices to work?
Engage with other Product Management leaders across the Enterprise business to identify and bring innovative integrations that bring better security outcomes for your (internal) customers.
How is continuous monitoring conducted?
Guarantee your group has working knowledge of and good involvement in developing, designing and operating data protection technologies, including: Data Loss Prevention, Cloud Access Security Broker, Data Access Governance, Encryption/Tokenization/Obfuscation/Masking, Rights Management, Database Security, Email Security, Endpoint Security, UEBA, Logging and Monitoring.
Are policies and procedures established for data labeling and handling in order to ensure the security of data and objects that contain data?
Secure that your operation is working on a medium sized, closely knit team of experienced security professionals that are responsible for handling all aspects of information security, risk and compliance.
Do you have a process ensuring that the use of generic accounts is kept to a bare minimum?
Provide structured and consistent support to IT project teams by ensuring all enterprise information security requirements and associated risks are addressed.
MANAGEMENT:
What specific concerns do other organizations have when it comes to securing containers?
Partner with business stakeholders to mitigate information risk management concerns.
What application tracks a process from start to finish?
Lead a product management team and rationalize and collate requirements across multiple engineering tracks, through collaboration with other PM Directors.
What type of information is involved?
Be certain that your strategy is involved in customer identity and access management platforms such as Auth0, Okta, Ping, or similar.
Do the developers' changes align to the system level requirements and architecture?
Partner with the Product Management (PM) team in defining, testing, and documenting the solution which may require integration with other products and components, both from your organization and from your ecosystem partners.
How do you create a cloud roadmap that supports a seamless transition from your current IT?
Support the executive management level for projects related to data management concepts.
What are the implications of rapid business changes on your technology infrastructure?
Guarantee your process is involved in change management processes and functions.
What is the process that will be followed to resolve unplanned incidents?
Follow risk management and compliance procedures.
Is the security design aligned with the business delivery model and AWS cloud architecture?
Align IT risk management with enterprise wide risk management.
Which threats do you assess are most relevant to your organization and why?
Assure your process expands its knowledge in privileged access management solutions, with hands-on involvement in design, installation, and configuration.
What solutions will deliver the culture you need?
Assure your team helps deliver presentations to (internal) clients and management teams.
RISK:
Who is involved in the FedRAMP process?
Oversee that your team is involved in risk quantification.
Have you decided what identity management approaches are acceptable and desirable?
Secure that your team is accountable for ensuring residual risk is captured and owners are identified and accept the risks.
What notification timeframes are built into your incident reporting process?
Liaison so that your team is reporting status and Risk Level.
Does your cloud security vulnerability countermeasures and network hardening tool enable a cloud best practice for its business continuity and growth in general?
Document recommendations, root cause analysis efforts, risk assessments and manage remediation efforts where downstream work with priority.
What approach should be used to monitor and remediate cloud security threats?
Identify renewal risk and collaborate with internal teams to remediate and ensure a successful renewal.
Do you understand your cloud security and compliance needs and gaps?
Lead the compliance team with identifying, analyzing, and documenting risks and understand the importance of this process.
Do you have a continuous view of your cloud compliance posture to reduce the threat of a breach?
Ensure your operation identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of risk scenarios.
How do departments wield the power of the cloud, expanding reach while guarding core assets?
Research and design ways to achieve risk reduction objectives in creative ways, including expanding your current tool stack where appropriate.
What actions may be necessary to address highlighted risks and challenges?
Be confident that your design is accountable for ensuring that key risks and issues are identified, addressed and resolved in a manner that satisfies the business.
CLOUD:
How can the risk involved in online payment be reduced by internet governance?
Make sure your organization is involved in software development, cloud architecture, vulnerability management, and risk management disciplines.
Is there any quantitative approach for cloud security?
Ensure you partner with your (internal) customers to provide a custom solution-oriented approach through your advisory and technical capabilities in three main practice areas: Cloud native, Cloud Security and Cognitive Business Automation.
How does the system identify the users?
Understand cloud security for access identity management to security groups.
Are the policies, standards and guidelines in line with the industry standards?
Advise and influence business partners from a cloud risk and control perspective on new processes, products, initiatives and strategies; guide the business unit(s) through the various governance approvals and controls reviews related to new initiatives.
Does the service meet industry standard cloud security principles such as the Cloud Security Alliance, NIST or UK Government Cloud Security Principles and SOC 2?
Lead and influence teams on cloud risk and product related initiatives to meet corporate, divisional and business line objectives.
What strategies do you advise on mitigating risks in the cloud?
Advise customer on cloud models, technology and risk management strategy.
Is the security team involved in cloud decisions?
Safeguard that your strategy is involved in cloud security concepts.
How to demonstrate the users' identities continually when performing delicate activities?
Perform cloud security risk assessments and remediation recommendations.
What types of systems do you currently have in place to collect, analyze and correlate large quantities of security and event data?
Analyze SaaS productivity tool workflows and design cloud access security broker (CASB) controls.
DATA:
What policies exist to reduce the number of elevated/privileged access accounts?
Make certain that your organization has involvement in designing and implementing technology and process solutions to reduce the potential risk of data compromise.
Do you offer training to your employees and staff on how to minimize insider security risks?
Guarantee your team designs and implements data strategy and data security methods.
What specific facilities and system components were included in the validation?
Make sure the data could involve PII and could also include sensitive business information such as pricing, financials, product plans, HR documents, design documents, and other IP.
Do you collect capacity and use data for all relevant components of your cloud service offering?
Collect data for customer audits and security due diligence requests.
Does using a cloud provider give your organization an environmental advantage?
Ensure you own the development and support of the underlying infrastructure allowing your applications to rapidly grow and evolve, enabling fast and reliable data pipelines, and ensuring the insights you provide to your (internal) customers are always available.
How does the provider monitor the applications?
Invest in the analysis of data to help provide creative solutions on business issues.
Can the provider give reports for monitoring user access?
Certify your organization is using log management tools, packet capture reports, data visualization, and pattern analysis.
Does the cloud services contract include appropriate retention and destruction commitments from the vendor?
Guarantee your process is responsible for protecting information systems and data from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.
What are the main inhibitors of using Cloud-based Security Solutions?
Develop experience implementing and using data management tools.
SOFTWARE:
Who is responsible for developing information security governance?
Develop experience implementing software security testing tools.
How do you control the increased access administrators have working in a virtualized model?
Drive software process improvements that enable progressively increased team efficiency.
Is multi factor authentication supported for provider services?
Develop experience executing software programs in support of a major compliance effort.
What determines the size of a group of servers sharing the same network range?
Make sure your staff determines systems software design requirements.
What inhibitors has your organization encountered in adopting or fully utilizing your cloud security vendor's technology?
Provide technical support for both hardware and software issues your users encounter.
How can security keep up with DevOps that is already configuring and deploying on AWS?
Lead an agile team using DevOps software.
How do you enable debugging without destroying the problem?
Work with embedded testers to debug software issues and ensure robust software quality.
DEVELOPMENT:
What is the experimental technology that might lead to the possibility of processing encrypted data without having to decrypt it first?
Lead the development of new cloud security processes and procedures.
What is driving investments in third party cloud native application security controls?
Invest in the development and maintenance of security compliance validations.
Are detail and summary records available for the audit period?
Coach business leaders in the development of resistance management plans.
What is the track record of the cloud provider in implementing effective security practices?
Invest in the development of security remediation efforts and track them to completion.
What happens when you upgrade network speeds, which does occur from time to time?
Work with development team and QA to ensure requirements traceability and completeness.
Can the specific system components used by a client at a particular time be identified?
Be confident that your process mentors development team members.
Are usage audits performed automatically or reactively?
Certify your process has hands-on involvement in front end development.
Can cost drivers override security?
Help drive business development activities.
How do you meet the rapidly changing business demands for new applications and capabilities?
Invest in tailoring the development process to meet the project needs.
TECHNOLOGY:
What does a modern cloud enabled SOC look like for hybrid architectures?
Ensure your information technology team operates as your business partner proposing ideas and innovative solutions that enable new organizational capabilities.
How does your organization understand and resolve its most urgent cloud security issues?
Understand complex business and information technology management processes.
Do you have password policies for enterprise issued mobile devices and/or BYOD mobile devices?
Make sure your team is leading considering business needs, gathering requirements, and recommending solutions that have to be technology and/or services focused.
What does successful implementation of security essentials look like?
Develop experience consulting with business and technology stakeholders to build and implement secure solutions.
How do you control access to different cloud solutions?
Oversee that your process understands client business functions and technology needs.
What do most CISOs think about cloud security policy?
Ensure your success requires continuous collaboration with several other groups across the organization, including the Chief Technology Office, Chief Risk and Compliance Office/CISO, Corporate Technology, Engineering, Legal.
What is your organization's experience delivering other cloud security projects?
Ensure you manage a unique culture, enabling your team members to be on the cutting edge of technology while delivering high quality solutions.
How much of your IT security budget is devoted to preventing, detecting and mitigating insider threats?
Define, implement and support process and technology improvements related to preventing unauthorized disclosure, modification, removal or destruction of information.
What groups are directly involved in creating cloud security policies?
Be certain that your team is involved in skills, application(s) and functions of the technology area.
How does your organization currently ensure compliance with record keeping requirements?
Be confident that your team is involved in technology transformations.
NETWORK:
What approach should be used to monitor and remediate cloud security threats?
Lead across your organization to ensure a process is in place, adopted and performed to remediate all infrastructure, network and application vulnerabilities.
Do you need any additional security for the integrations in a hybrid environment?
Invest in implementation and secure design of secure applications, software integrations, identity providers, and networks.
Does the firewall enable automated configuration of security policies?
Provide third level support in troubleshooting of network performance issues.
How is the CSP security team involved in security upkeep?
Make sure your group is involved in network protocols and deep packet inspection.
Does your organization have the appropriate controls to detect and prevent an insider attack?
Collaborate with IT teams to remediate any potential hardware or network issues that prevent detection capability.
How has the cloud saved you time, effort, and resources through enhanced security?
Apply creative approaches and innovative thinking to the design of new and enhanced network architectures.
PROJECT:
What about investigation support?
Provide cloud security guidance and support to project teams.
Who is accountable for what and is your data protected even if you change providers?
Facilitate change management activities between the project team and IT service groups.
Which cloud security issue is most under researched?
Support project research and implementation for your corporate security program.
What integrations and configurations do your security solutions support?
Make sure your workforce provides technical support to project team members.
Has integration and interfaces with existing systems been fully considered?
Make sure the project has just completed the process design phase.
How do you meet the need for business agility whilst ensuring security and compliance?
Oversee that your personnel coordinates team activities to meet project milestones.
Who is responsible for delivering your organization's cybersecurity?
Invest in the planning and delivering of Business Intelligence implementation projects.
2y: I think this is immensely important in the world we live in: Invest in the planning and delivering of Business Intelligence implementation projects. Are businesses fully aware and taking action?