Chapter 1: Cloud Security Overview
Frank Kim
SANS Faculty Fellow and Curriculum Lead
“Cloud computing has become a major defining factor in the current and future state of
information security, with the business reasons for moving to the cloud simply too overwhelming
to ignore.
However, the cloud represents big change for almost all organizations, and security must be
part of that evolution in order to succeed. In terms of industry momentum, we've now reached
the point where every cybersecurity professional needs to be knowledgeable about the cloud to
varying degrees.
As a security professional, you need to do three things in parallel:
+ Understand how the major cloud providers work and the plenitude of services
that they offer.
+ Understand the technical details of each platform to ensure that you have
secured your specific implementation appropriately.
+ Ensure your teams transform the way they do their work in order to leverage
cloud services and automation in a way that improves the effectiveness of
security itself.”

This book provides you with a comprehensive collection of technical resources that you can use to arm
yourself with the foundational knowledge required in today's cloud-first world.
Taken together, these resources model the whole life cycle of security, touching on aspects of the
functions of the NIST Cybersecurity Framework—Identify, Protect, Detect and Respond.
This collection is a good place to start if you're looking to build out your cloud security knowledge base,
because the technical detail provided in these reports and guides will enable you to start crafting a
technical roadmap for your organization's transition to the cloud.
The reason I say that this is a good place to start, however, is that it's what you do next with the
information you learn that matters most. Building and leading a cloud security program is not just about
the technical controls; it's about the management, governance, people and process items as well. It's
not just about implementing the right technology; it's also about the overall mission and vision of the
organization.
So the question becomes: how do you align with that mission to ensure that you're achieving the larger
business objectives in addition to your technical activities?
It might not be obvious, but the topics described in these resources are the foundational elements
of your overall cloud security journey. Think of each resource as a piece of the puzzle that, once put
together, creates a bigger picture. Now, it's up to you to connect the dots. As you read, I encourage you
to challenge yourself to think about how these papers come together to create a broader view of the
cloud. Doing so will enable you to build an overall cloud security roadmap for your business—not just a
technical roadmap, but a business roadmap for the cloud.
It's a valuable exercise, to be sure, and it will make all the difference if you go into it with a strong
understanding of your business objectives and drivers. With your business reasons for moving to the
cloud top of mind, you'll be better able to lay out your objectives and roadmap to ensure that you
accomplish what you need to in your first year and beyond.
It can be challenging to see how the day-to-day security activities discussed in these resources contribute
to achieving your overall business goals, but you can treat this book as a checklist of sorts, and check
things off in your mind as you read about the capabilities you need to implement in your organization.
By doing so you will steadily improve the maturity of your overall cloud security program.

Just as the web has defined the previous 20 years of technology change, I believe that the cloud will
be the defining element of the next 20 years. If you haven't already started building your cloud security
knowledge and roadmap, there's no better time to start than now.
About the Author
Frank Kim leads the management and cloud security curricula for SANS, developing courses on strategic
planning, leadership, DevSecOps and cloud security. He is also a SANS faculty fellow and author of
MGT512, MGT514, and SEC540. Previously, Frank served as CISO at the SANS Institute, leading its
information risk function, and was executive director of cybersecurity at Kaiser Permanente, where he
built an innovative security program to serve one of the nation’s largest not-for-profit health plans and
integrated healthcare provider. Currently, as founder of ThinkSec, a security consulting and CISO advisory
firm, Frank helps leaders develop business-driven security programs.