One Article Review
| Source |  AlienVault Lab Blog |
|---|---|
| Identifiant | 8371160 |
| Date de publication | 2023-08-17 10:00:00 (vue: 2023-08-17 10:06:30) |
| Titre | Sécuriser vos réseaux cloud: stratégies pour une infrastructure résiliente Securing your cloud networks: Strategies for a resilient infrastructure |
| Texte | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. What exactly is resilience? According to the U.S. National Institute of Standards and Technology, the goal of cyber resilience is to “enable mission or business objectives that depend on cyber resources to be achieved in a contested cyber environment.” In other words, when you’re at odds with cybercriminals and nation-state actors, can you still get your job done? If not, how quickly can you get back up and running? In this article, we outline steps to ensure that if your cloud networks fail, your business won’t fail along with them. Take stock of what you can’t (and can) live without Being resilient during and post-cyber-attack means being able to continue business operations either leanly or back to full throttle soon after. While resources are being pooled to respond and recover from an incident, what data must be protected and what operations must go on? Data that must be protected include those defined by regulation (e.g., personal identifiable information), intellectual property, and financial data. Data itself must be protected in multiple forms: at rest, in transit, and in use. The type of business you’re in may already dictate what’s essential; critical infrastructure sectors with essential operations include telecommunications, healthcare, food, and energy. Anything that your business relies on to survive and sustain should be treated as highest priority for security. Ensure required availability from your cloud provider An essential part of resilience is the ability to stay online despite what happens. Part of the cloud provider’s responsibility is to keep resources online, performing at the agreed level of service. Depending on the needs of your business, you will require certain levels of service to maintain operations. Your cloud provider promises availability of resources in a service-level agreement (SLA), a legal document between the two parties. Uptime, the measure of availability, ranges from 99.9% to 99% in the top tiers of publicly available clouds from Amazon and Microsoft. A difference of 0.9% may not seem like much, but that translates from roughly 9 hours of downtime to over 3.5 days annually—which might be unacceptable for some types of businesses. Store backups—even better, automate As ransomware proliferates, enterprises need to protect themselves against attackers who block access to critical data or threaten to expose it to the world. One of the most fundamental ways to continue business operations during such an incident is to rely on backups of critical data. After you’ve identified which data is necessary for business operations and legal compliance, it’s time to have a backup plan. While your cloud service provider provides options for backup, spreading the function across more than one vendor will reduce your risk—assuming they’re also secure. As Betsy Doughty, Vice President of Corporate Marketing of Spectra Logic says, “it’s smart to adhere to the 3-2-1-1 rule: Make three copies of data, on two different mediums, with one offsite and online, and one offsite and offline.” Automated snapshots and data backup can run in the background, preparing you in the event of a worst-case scenario. Expose and secure your blind spots A recent report from the |
| Envoyé | Oui |
| Condensat | “enable “it’s “mapping ability able access according achieved across actors adhere adopt after against agreed agreement all along already also amazon annually—which any anything applications apply are article assessment at&t attack attackers authentication author automate automated availability available back background backup backups backups—even being betsy better between blind block both bring brokers business businesses but can can’t casbs case catch certain certainly change cloud clouds commission compliance components consider content contested contingency continue control copies corporate cost could critical cyber cybercriminals data days defined depend depending despite detail dictate difference different direct document does done doughty downtime during effective either enabling encryption endorse energy enforce ensure enterprises environment essential essential; event exactly exchange execute expose fail financial food forms: frequently from full function fundamental gain gaps get goal happens hard have having healthcare here highest hours how identifiable identified impact important improve incident include including information infrastructure institute intellectual interval invest it’s itself job keep key knowing lack leanly legal level levels lies like live logic longer maintain make marketing may mean means measure mediums microsoft might mission more most much multiple must nation national necessary need needs network networks networks: not objectives observes obvious odds off offline offsite one online operations options organization other outline outsourced over paper part parties pay people per performing periodically personal place plan plans policies pooled positions post preparedness preparing president prevention priority process processes proliferates promises property protect protected provided provider provider’s provides providing public publicly put putting quickly range ranges ransomware real realistic recent recover reduce redundancy regulation relies relinquish relinquishing rely report require required resilience resilient resources respond response responsibility rest risk—assuming roughly rule: run running says scenario sectors secure securing securities security seem service services should simulated simulations sit sla smart snapshots solely some soon spectra spending spotlight spots spreading standards state stay steps stock store strategies success such support survive sustain systems take technology telecommunications test tested tests than their them themselves theoretical these they’re things those threaten three throttle tiers time top towards traffic transferred transit translates treated two type types unacceptable updated uptime use user using vendor verify vice views visibility vulnerabilities way ways well what what’s when which who will without withstand won’t words work world worst you’re you’ve your |
| Tags | Ransomware Cloud |
| Stories | |
| Notes | ★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.