| Field | Value |
| --- | --- |
| title | CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM) |
| type | cloud-learning |
| source-type | video |
| category | DevOps & SRE/07_Security |
| tags | Security, CSPM, 3LoD, CTP |
| date-added | 2026-04-14 |
| video-source | nas:///volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4 |
| audio-source | |
| status | summarized (Gemini 摘要) |

CTP Topic 52 3 Lines of Defence (3LoD) framework Cloud Security Posture Management (CSPM)

Source: NAS /volume2/work/Public Cloud Learning Sessions/CTP _ Topic 52_ 3 Lines of Defence (3LoD) framework _ Cloud Security Posture Management (CSPM).mp4

Type: VIDEO | Category: 07_Security

Status: 🟡 Awaiting Whisper transcription → Summary


Summary

Three Lines of Defence Framework and Cloud Security Posture Management

Coyote, Head of Enterprise Application Security, discussed the three lines of defense model and cloud security posture management. The three lines of defense model was approved by ELT mid-year and serves as the organization's go-to model.

The previous security models were fragmented, with multiple security teams and policies; this led to an audit that recommended a better framework with clear roles and responsibilities. The first line of defense is the business units, which are responsible for implementing and managing security controls in their areas. The second line is the group's office, which is responsible for policies, incident response, and cyber tooling, and acts as an advisor to the first line. The third line is audit, which checks that the first and second lines are compliant and provides assurance to the business.

Key organizational drivers include regulatory compliance, a centralized platform, cloud migration, baseline controls, and improved security response. Work streams implemented as a result include policy review and consolidation, incident response engagement, development of cybersecurity risk and control metrics, cybersecurity tools review, and security architecture standards and patterns. The cloud architecture pattern aims to be agnostic, reusable, and applicable across AWS, Azure, and GCP environments, developed with input from BU leads.

Cloud security posture management (CSPM) addresses siloed management and the lack of a central view of public cloud security posture, which led to incidents and prolonged response times. A CSPM should consolidate misconfigurations from multiple cloud accounts into a single platform, provide compliance framework views (CIS, NIST, ISO), and allow custom policies. Core features include discovery, monitoring, assessment, and protection. Cloud Guard was selected after a POC of two vendors.

Cloud Guard's core features include posture management, asset management, network configuration exploration, event management, identity management, and intelligence. It assesses the compliance of public cloud accounts using built-in and custom rule sets, manages assets in onboarded cloud environments, visualizes network policies, and offers in-depth views of security groups. The intelligence feature ingests CloudTrail logs and applies rules to detect anomalies and potential issues.

New accounts are onboarded into Cloud Guard as part of the creation process, ensuring comprehensive coverage and application of relevant rulesets. The organization is working to improve prevention rates by enforcing rules and enhancing visibility, aiming to minimize the gap between deviations and corrections. The speaker also addressed questions about log aggregation, the decommissioning of CCYE guard rails, and how teams are adapting to alerts from the CSPM.
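The consolidation, compliance framework views, custom policy and onboarding coverage described above, as an added example (it is not from the session and is not Cloud Guard's rule format). Account names, asset fields, rule ids and the framework labels attached to each rule are constructed for illustration.

```python
from collections import defaultdict

# Constructed inventory: normalized assets pulled from onboarded accounts.
ASSETS = [
    {"account": "aws-prod-01", "provider": "aws", "id": "sg-web", "type": "security_group",
     "inbound": [{"port": 22, "cidr": "0.0.0.0/0"}], "tags": {"owner": "bu-payments"}},
    {"account": "az-sub-02", "provider": "azure", "id": "st-logs", "type": "storage",
     "public_access": True, "tags": {}},
    {"account": "gcp-proj-03", "provider": "gcp", "id": "bkt-data", "type": "storage",
     "public_access": False, "tags": {"owner": "bu-retail"}},
]
# Constructed list of every account the organization has created.
ALL_ACCOUNTS = ["aws-prod-01", "az-sub-02", "gcp-proj-03", "aws-sandbox-04"]

def open_admin_port(asset):
    return any(r["cidr"] == "0.0.0.0/0" and r["port"] in (22, 3389) for r in asset["inbound"])

# (rule id, framework labels, asset type or None for all types, violation predicate).
# Framework labels are illustrative groupings, not real control references.
RULES = [
    ("admin-port-open-to-internet", ("CIS", "NIST"), "security_group", open_admin_port),
    ("storage-publicly-readable", ("CIS", "ISO"), "storage", lambda a: a["public_access"]),
    ("custom-missing-owner-tag", ("CUSTOM",), None, lambda a: "owner" not in a["tags"]),
]

def assess(assets, rules):
    """Apply every applicable rule to every asset; return one finding per violation."""
    findings = []
    for asset in assets:
        for rule_id, frameworks, kind, violated in rules:
            if kind in (None, asset["type"]) and violated(asset):
                findings.append({"account": asset["account"], "asset": asset["id"],
                                 "rule": rule_id, "frameworks": frameworks})
    return findings

def framework_view(findings):
    """Group the consolidated findings by compliance framework label."""
    view = defaultdict(list)
    for f in findings:
        for fw in f["frameworks"]:
            view[fw].append((f["account"], f["asset"], f["rule"]))
    return dict(view)

def unmonitored_accounts(all_accounts, assets):
    """Accounts that contributed no inventory, e.g. because they were never onboarded."""
    return sorted(set(all_accounts) - {a["account"] for a in assets})

if __name__ == "__main__":
    print(framework_view(assess(ASSETS, RULES)))
    print("not onboarded:", unmonitored_accounts(ALL_ACCOUNTS, ASSETS))
```

The account that appears only in `ALL_ACCOUNTS` is the coverage gap that onboarding at account creation is meant to close: no rule can flag a deviation in an account that was never inventoried.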


Key Concepts


Action Items


Related Videos

Paired video notes link (to be filled in after generation)


Last updated: 2026-04-14