
Cloud Security Resources

Table of Contents

  • Cloud Security Blog Posts
    • Best Practices for Privilege Management in AWS
    • Best Practices for Configuring Your AWS Perimeter
    • AWS Security for S3 and EC2
    • The Dangers of Remote Cloud Audits
    • 5 Best Practices for Cloud Security
    • Who’s Responsible for Cloud Security?
    • 12 Risks You Need to Know to Secure Your Cloud Environment
    • Who Should Perform Your Cloud Audit?

Cloud Security Blog Posts

Best Practices for Privilege Management in AWS

Could what happened at Capital One happen at your organization? That depends on your commitment to cloud security. This breach could happen to any organization that’s not educated on AWS vulnerabilities and best practices. We’ve talked about how security misconfigurations played a role in Capital One’s breach, but now let’s discuss how privilege management contributed to this successful hack.

Best Practices for Configuring Your AWS Perimeter

Could what happened at Capital One happen at your organization? As a business owner, stakeholder, or IT personnel, that’s the unavoidable fear that appears when you hear about the latest data breach. The Capital One data breach is one of the most damaging data breaches of 2019, and we’ll continue to learn about the repercussions for months to come. This data breach impacts 100 million individuals in the United States and 6 million in Canada.

Most importantly, we know that this breach could happen to any organization that’s not educated on how to properly configure its perimeter security groups. Let’s discuss web application firewalls (WAF), Server Side Request Forgery (SSRF) attacks, metadata, and how a misconfiguration could lead to a compromised AWS environment and stolen data.

AWS Security for S3 and EC2

AWS brings new opportunities for businesses to innovate, build, and grow – but what about the data in the cloud? Is it protected? How likely is it to be compromised? The 2019 Cloud Adoption and Risk Report from McAfee reports that the sharing of sensitive data in the cloud is increasing 53% year-over-year. The average enterprise generates over 3 billion events every month in the cloud and uses 1,935 different cloud services, giving malicious attackers ample opportunity to find, steal, and sell the data you are responsible for.

This means that organizations must do everything in their power to implement AWS security and safeguard personal information. Where should you begin? Let’s discuss some of the basic security practices for S3 and EC2. These are extremely complicated subjects, but let’s make a starting point for your AWS security strategy with the following best practices.

The Dangers of Remote Cloud Audits

A major area of risk that we’ve recognized is remote cloud audits. We hear many organizations indicate that because they are a cloud-based organization, they do not want or need onsite assessments, but we want to help them avoid this attitude. Let’s be clear: it’s completely inaccurate to say that everything is in the cloud. Why? Let’s find out.

5 Best Practices for Cloud Security

How has the cloud impacted your organization’s security? Has it left you wondering – what consequences could we face if a malicious outsider gained access to our cloud environment? Would our clients stay loyal to us if our database was compromised? What can we do to implement cloud security?

Our five best practices for cloud security, especially in Azure and AWS environments, include areas of IAM, MFA, hardening techniques, monitoring programs, and industry-accepted cloud security tools. These best practices for cloud security work together and sometimes overlap to give your cloud environment the protection that it needs.

Who's Responsible for Cloud Security?

As more and more organizations migrate to the cloud, it drives cloud service customers to consider how the cloud will impact their privacy, security, and compliance. First, cloud service customers must understand how their cloud service provider delivers a secure solution. Second, cloud service customers must consider their new role in cloud security. Some cloud service customers mistakenly believe that when they migrate to the cloud, their cloud security responsibilities also shift.

Who’s responsible for cloud security? Why do you even need security in the cloud? Let’s discuss the shared responsibility model and help you understand which elements of cloud security customers are responsible for and which fall under the responsibility of the provider.

12 Risks You Need to Know to Secure Your Cloud Environment

Advancements in cloud technology have completely changed the way organizations use, store, process, and share data, applications, and software. Cloud environments tend to be more cost-efficient and time-efficient…so why wouldn’t you put your data in the cloud?

Because so many organizations are putting so much sensitive data into cloud environments, they have inevitably become targets for malicious attackers. New security vulnerabilities are consistently being discovered and, in a vicious cycle, traditional security vulnerabilities still show up in cloud environments. In response to the ever-growing threat landscape, the Cloud Security Alliance (CSA) has created industry-wide standards for cloud security.

Their report, “The Treacherous 12 – Top Threats to Cloud Computing + Industry Insights,” arms cloud users and cloud providers with guidance on risk mitigation for their cloud strategies. Based on research from the CSA Top Threats Working Group, the CSA determined the following 12 risks for cloud security to be the most critical issues.

Who Should Perform Your Cloud Audit?

The evolution of the cloud presents new security issues every day. As more and more organizations migrate user data to the cloud, it drives both cloud service customers and providers to consider how the cloud will impact the privacy and security of data. How does your organization secure your cloud environment? Just like any type of technology or IT operation, the security of your service needs to be validated by a third party. Who should perform your cloud audit? Someone who understands cloud computing and technology, not just an average auditor.

All Rights Reserved

© 2021 KirkpatrickPrice
