"Proposed US Guidance, Legislation Show Increasing Importance of Cloud Security"
The United States is working on guidance and legislation regarding cloud security, which shows the government is placing increasing importance on cloud security. The US Cybersecurity and Infrastructure Security Agency (CISA) recently announced that it is seeking public comment on a couple of guidance documents created as part of a project called Secure Cloud Business Applications (SCuBA), whose goal is to help improve visibility, standards, and security practices for government cloud. CISA stated that the project was established to develop consistent, effective, modern, and manageable security configurations that will help secure agency information assets stored within cloud environments. One of the documents is the SCuBA Technical Reference Architecture (TRA), a security guide designed to help federal agencies adopt technology for cloud deployment, adaptable solutions, secure architecture, zero trust, and agile development. The second document, the Extensible Visibility Reference Framework (eVRF) guidebook, describes a framework that can be used by organizations to identify visibility data that can be used to mitigate threats, as well as to identify visibility gaps. CISA is requesting public comment on these two products to ensure their guidance enables the best flexibility to keep pace with evolving technologies and capabilities and protect the federal enterprise. CISA noted that its intent is to properly address cybersecurity and visibility gaps within cloud-based business applications that have long hampered the collective ability to adequately understand and manage cyber risk across the Federal and IT enterprise. While these resources are mainly intended for government agencies, CISA advises all organizations to use the guidance to improve cloud security. The deadline for commenting on the two documents is May 19, 2022.