Cloud, Security and Technology

I've been asked several times as to what are the building blocks to build a secure cloud solution. In my last 2017 blog I revisit the paper I wrote a while back called " 13 Effective Security Controls for ISO 27001 Compliance " and reconsider the 13 security measure that help meet compliance controls. One important update for this blog over the paper, is that I will not look at IaaS services a whole lot. Protecting a OS or VM has been done to death.   IMHO organizations need to get out of the business of managing the health of OS's/VM's and WebServices.  Moving to Containers with an orchestration engines such as Kubernetes , or Platform such as provided by Azure, or AWS is one of the best long term security investments. No more AV, Patching, or Host services maintenance…  The process is to get most companies away from the IT business, and into their core competency with a High tech offering that provide a capability on demand. Moving