We are pleased to share the k9 Security Guide to Tagging Cloud Deployments with you:


The guide helps technology teams tag Cloud application and infrastructure resources with the context needed to manage, operate, and secure those resources effectively.

Figure: Cloud Deployment and Supporting Functions

With this information, Development, Operations, Finance, Security, Audit, and Risk Management personnel can collaborate efficiently and answer many of their own questions without resorting to time and attention consuming meetings and chats.

‘Simple’ questions with difficult answers like:

  • Who owns this resource? What application does it belong to?
  • Who should we call when the application is broken?
  • Who should pay for this resource? Which applications are driving our costs?
  • Do access controls secure this resource appropriately?
  • How much risk does our Cloud deployment have? Where is that risk concentrated?
  • Which security improvements reduce our risk the most?

These questions are time consuming or impossible to answer when you don’t have well-modeled context. Not being able to answer these questions leaves you unable to manage your operations, security, and risk effectively. That’s a bad place to be.

We hope this guide supports your Cloud governance, security, and risk management efforts. The guide describes a comprehensive model for tagging cloud deployments you can adopt or adapt as your own tagging standard. The guide illustrates application with examples, recommends adjustments for organizations large and small, and explains ‘why’ this context is important.

Please contact us and let us what you think about this guide. We’d be happy to help you apply it!

k9 Security