Get startedGet started for free

Security controls and compliance

1. Security controls and compliance

It’s always better to prepare for a threat than to respond to one. Implementing security controls to reduce risk will be an important part of your role as a cloud security professional. Security controls are also a key part of both security and compliance. In this video, you’ll learn how security controls can help you secure your organization’s assets, so you can meet compliance standards. A security control is a safeguard designed to reduce specific security risks. Security risk is the total of both the likelihood and the impact of threats on assets. As a cloud security professional, reducing the security risks in an organization means that you are trying to either reduce the impact from the threat or reduce the likelihood of that threat. For example, if you encrypt data, you reduce the impact of a breach, because the attacker cannot see the data without the key. You might also use two-factor authentication in order to reduce the likelihood of a threat actor accessing a network or system, should the threat actor steal a password and try to use it to impersonate a user. Next up, we’ll explain how you can also use combinations of controls to reduce risk by addressing impact and likelihood of an attack. Cloud security controls are measures that safeguard cloud environments from threats and minimize the effects of harmful attacks. Security controls are a central element in any cloud computing strategy. CSP-offered cloud security control measures may be part of a shared responsibility or shared-fate agreement with a CSP and the organization using its services. The CSP automatically provides some controls for their customers, such as physical security, secure-by-design practices in software development, and strong security defaults on services. The CSP also makes some controls available as considerations for a business’s needs. An example of this is customer-managed encryption keys. Other controls the CSP offers can be those measures that are customer-inherited and customer-modifiable. These measures help ensure a consistent protection for data and workloads. To demonstrate compliance as a cloud security professional, you must prove that the required security controls are in place. To achieve compliance, you can make use of some built-in and third-party cloud security tools, and run reports on workloads. Now that you know more about implementing security controls to protect assets and meet compliance standards, you can be better prepared for your role in security in the cloud.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.