Cyber criminals can exploit configuration errors or technical vulnerabilities in applications, firewalls, or networks to access our information.
An organization must use defense-in-depth technologies to protect against, detect, and respond to cyber-attacks. The techniques should be suitable for controlling physical, logical and administrative controls.
In environments that include virtual and physical layers, inconsistency of network policies can cause e.g. system outages or defective access control.
The organisation must ensure that the configuration of virtual networks is aligned with the policies for configuring physical networks. Network configuration should match the policy no matter what means are used to create the configuration.
The organization must use secure and encrypted connections to move servers, services, applications, or data to the cloud. Only the latest versions and approved protocols may be used for connections.
An organization needs to draw the high-risk network environments. The drawing should show:
The organization must have clear policies for developing virtualization security. The policy should be reviewed and updated at least annually.
The virtualization policy should consider at least: