Frameworks

Item Description
adidas-devops-maturity-framework: Based on the C.A.L.M.S. definition of DevOps, the framework defines a set of capabilities and guidelines that, when adopted, increase the efficiency, effectiveness, and happiness of the team
In depth research and trends analyzed from 50+ different concepts as code: Post analyzing the trends from 50+ concepts "as code"

Cloud Security

Item Description
Marco Lancini Cloud Security Strategies: A collection of articles providing actionable advice for anyone looking to establish a cloud security program aimed at protecting cloud native offerings
  • On Establishing a Cloud Security Program: A framework to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering, aligned with NIST and the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
  • What to look for when reviewing a company's infrastructure: A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components
Cloud Security Orienteering
  • A cloud and environment agnostic methodology for getting your bearings if tasked with securing a novel cloud environment
  • Also refer to the companion blog post, checklist, and talk
Chris Farris
  • Modern Cloud Governance
    • If you break down your cloud program into three core functions (development, security, and finance), you can see how each manages an aspect of your cloud: cost, risk and agility
    • Risk Reduction in Modern Cloud Governance: the organization needs to focus on realistic cloud security standards, guardrails, and education. Guardrails need to be flexible.
    • A successful cloud strategy needs to bring together the three constituencies into a common conversation to balance the cost, the risk, and the ability to deliver what the business requires with agility. It requires less of a top-down governance model and more of a bottom-up common understanding. Each side must give and take in balance.
  • Creating a Cloud Security Standard
    • High-level structure of a custom Cloud Security Standard
  • How the scorecard works
    • Each executive had their own scorecard reflecting their own AWS Accounts
    • It gave them their score on each requirement in the Cloud Security Standard, and in a separate tab, the list of resource IDs that the system determined were non-compliant
  • Mapping CIS Controls to Cloud
    • CIS publishes a list of 20 Critical Security Controls
    • While primarily focused on traditional, data-center-centric IT organizations, the concepts and the order of the 20 Controls provide a reasonably good road map for anyone looking to start their cloud security journey

Collection of vulnerabilities

Item Description
Cloud Risk Encyclopedia: 1200+ cloud security risks, 3 cloud platforms, 47 compliance frameworks, 18 risk categories, 4 risk levels
The Open Cloud Vulnerability & Security Issue Database: An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues