NSA Guide: Mitigating Cloud Vulnerabilities

The National Security Agency (NSA) has published an eight-page guide on mitigating cloud vulnerabilities, intended for both leaders and technical staff. The sections on cloud components and cloud threat actors provide helpful overviews of the equipment and processes involved in cloud architecture as well as the backgrounds and capabilities of those who might try to take advantage of weaknesses for malicious purposes. It is especially helpful information for leaders. Some of the information in the cloud vulnerabilities and mitigations sections may also be relevant to leaders, but much of the contents here speak to specific steps technical staff should undertake to protect their systems. The NSA acknowledges that cloud computing offers benefits to organizations, including enhancing the security posture. But it also observes that cloud services can introduce risks that should be fully understood and addressed during the procurement process and whenever operating in the cloud.