Cloud Concentration Could Pose a Risk to your Organization
SANS Cloud Security
The most trusted source of cloud security training, certification, and research.
“Organizations (and some regulators) are becoming increasingly aware of the risks associated with cloud concentration — relying too heavily on a single cloud provider. As a result, many are starting to adopt a multi-cloud strategy to mitigate these dangers. While this approach offers greater resilience and reduces dependency on one vendor, it also introduces significant security challenges that are often underestimated or missed entirely.
One key issue is the inconsistency in security policies across different cloud platforms such as AWS, Azure, and Google Cloud. Each provider offers unique security tools and configurations, which can create gaps if organizations fail to standardize controls across environments.
Furthermore, managing identity and access management (IAM) across multiple clouds becomes more complex, often resulting in over-privileged accounts that span environments, increasing the attack surface. The lack of unified monitoring and logging tools across clouds also makes it more difficult to detect threats or respond to incidents promptly, leaving organizations vulnerable to exploitation of the weakest link in their multi-cloud setup.”
Jason Larkin, SANS Certified Instructor Candidate
Free Upcoming Workshops and Events
Join Live Thursday, November 14! Cloud Security for Leaders | Aviata Cloud Hands-on Workshop
FREE Thursday, November 14 | 10am ET | 1400 UTC
Join Principal Instructor Jason Lam for a hands-on workshop where you will learn actionable insights and strategies to help you effectively manage and secure your cloud environments - backed by insights from LDR520: Cloud Security for Leaders.
The adventures of the Aviata Cloud company and our SANS Cloud Security workshop series will run monthly from April through December 2024.
Read the Aviata Cloud Storyline
Explore the upcoming free monthly workshop technical topics at sans.org/workshops
Each workshop is independent of the others, so participate in one, some, or all.
Clearing the Fog: Detection and Defense against AWS Persistence Techniques | Free Webcast
November 20 | 10:30am ET
Join Ryan Thompson on November 20 as he uncovers advanced AWS persistence techniques and key strategies to safeguard your cloud environment. Strengthen your cloud security posture with expert insights from SEC541.
Detection Engineering in the Cloud: Are you Naughty or Nice? | Free Webcast
December 11 | 10:30am ET | 1530 UTC
Join Shaun McCullough on December 11th and unwrap the essentials of detection engineering, exploring what it is, how it differs from traditional security, and the tools that make it effective. Gain practical skills as we walk through real attacker techniques and engineer detections to uncover lurking threats—all with a seasonal twist!
Additional Cloud Security Essentials Content
Available OnDemand
Watch Evolution of SIEM in the Cloud with Chris Edmundson OnDemand. Learn how SIEM solutions have transformed into dynamic insight-driven platforms that leverage AI, ML, and integrate with XDR, IAM, and MITRE ATT&CK. Gain practical tips on evaluating SIEM solutions and access a free SIEM Evaluation tool to boost your security strategy.
Shift Left to Shift Everywhere: Continuous Development’s Impact on Security | Whitepaper
By embracing a shift-everywhere development security methodology, enterprises can take advantage of the speed and agility of the new era in DevOps while ensuring the safety and integrity of their applications, environments, and assets.
Cloud Security Essentials | SEC488
Even if your organization has the tooling, experience, and teams to secure on-premises environments, you likely aren't fully prepared for the cloud. Organizations all over the world are rushing to adopt cloud technologies despite having an insufficient understanding of critical cloud security issues, such as properly configuring cloud environments to protect sensitive data, managing billing costs, and balancing computing power usage.
The problem with many cloud security courses is that the focus solely on theory - SEC488: Cloud Security Essentials tackles current challenges head-on with practical, hands-on training to help you build a secure cloud foundation.
Did you know that any SANS Alumni of SEC488 can take it at anytime in the future for 50% off? Email [email protected] for more information.
"I learned a lot, went deeper technically than I expected to, and feel like this was absolutely a great use of my time. The instructors and TAs are top notch and made my experience taking this course a very positive one." - Marni R, AWS, SEC488 Student
GIAC Cloud Security Essentials | GCLD
The GIAC Cloud Security Essentials (GCLD) certification validates a practitioner's ability to implement preventive, detective, and reactionary techniques to defend valuable cloud-based workloads.
Looking to get into Cloud Security Analysis? Here’s how:
Learn More About the SANS Cloud Ace Training Paths
Visit the SANS Cloud Security Curriculum Page | Preview SANS Courses | Connect with Our Solutions Team | Join the SANS Community
Great dad | Inspired Risk Management and Security | Cybersecurity | AI Governance | Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer
1moSANS Cloud Security great topic about Cloud concentration vs multi-cloud. The reality is most enterprises cannot afford to have multiple Cloud providers. However, having one is not all that risky if you plan it well.