Last June-21st, the MEDINA Bosch team (Thomas Ruebsamen and Jesus Luna) moderated a round table discussion during the Infosecurity Europe 2022 event in London on the topic of hybrid cloud security. The discussion was focused on the main security challenges that such complex cloud architectures (including cloud continuum) are bringing to both providers and customers, in particular related to compliance and the role of automation and certification. The participants (also including cloud security vendors) agreed that data-centricity, lack of transparency in current (cloud) security certification schemes, and the human-factor are still top challenges for hybrid cloud deployment. Furthermore, there seems to be a consensus that even in "simpler" cloud architectures those challenges are pretty much present, despite the perceived maturity and industrial level of cloud adoption since year 2010.
We took this opportunity to discuss how automation and continuous-audit based certification, in the shape of the MEDINA framework, could contribute to solve some of the identified challenges. For example, MEDINA's risk management tools (in particular SATRA) can support a data-centric approach to certification, by identifying the CSP's risk appetite based on the expected capabilities from the cloud service. Transparency in achieved/committed assurance levels is inherent to the MEDINA framework, where components like CCE (Continuous Certification Evaluation) provide a clear and continuous view on (non-)compliances in the cloud service's provision.
Last, but not least, is the human factor where our expectation is that MEDINA's good practices will support CSPs and cloud customers on their journey to a pragmatic leverage of cloud security.
Stay tuned for upcoming developments in MEDINA by following this blog!