While this checklist just gives a bird's eye view of things to consider when opting for a cloud service provider, it is your responsibility to use the tools provided by CSPs, and integrate them into enterprise-wide cloud security policies.
2. @infosectrain
01 Protection of Data in Transit and Data at Rest
Data in transit is vulnerable to interception by malicious outsiders, which makes it a critical security risk, so organizations need to encrypt data both at rest in cloud containers and in transit.
03 Visibility and Control
Security teams should maintain visibility and control of the cloud assets by monitoring data, usage and user behavior, and by putting in place systems that alert the administrator of any unexpected activity.
04 Trusted Security Marketplace and Partner Network
Can you trust your cloud provider? If not, find another one. Choose a CSP that implements security best practices, meets CSA or ISO standards and harmonizes its services with your company's compliance standards.
05 Secure User Management
User access management tools or Identity and Access Management (IAM) systems must be applied wherever users can access cloud assets to ensure total visibility and security.
06 Compliance and Security Integration
All cloud deployments must comply with relevant data security regulations. This applies to all companies dealing with client data, including personally identifiable information (PII).
08 Operational Security
Operational security controls must be used to neutralize common cloud threats by managing vulnerabilities, tracking activity and monitoring threats, and responding to attacks to limit the damage.