The document outlines essential security measures for cloud customers, emphasizing the protection of data in transit and at rest through encryption, and the implementation of robust asset protection and user management policies. It highlights the importance of maintaining visibility and control over cloud assets, ensuring compliance with data security regulations, and utilizing identity and authentication tools like two-factor authentication. Additionally, it recommends choosing trustworthy cloud service providers that align with security best practices and operational security controls to mitigate common threats.

1. @infosectrain
SWIPE LEFT
Recommendations for
CLOUD CUSTOMERS
SECURITY CHECKLIST

2. @infosectrain
01
Protection of Data in Transit
and Data at Rest
Since data in transit is vulnerable to interception by
malicious outsiders, making it a critical security risk,
organizations need to encrypt data both at rest in
cloud containers, and in transit.

3. @infosectrain
02
Asset Protection
Security teams should implement security policies
across all digital assets and also secure the data
held on apps and control access to those apps.

4. @infosectrain
03
Visibility and Control
Security teams should maintain visibility and control
of the cloud assets by monitoring data, usage
and user behavior and putting in place systems
that alerts the administrator of any unexpected
activity.

5. @infosectrain
04
Trusted Security Marketplace
and Partner Network
Can you trust your cloud provider? If not, find another
one. Choose a CSP that implements security best
practices, meets CSA or ISO standards and harmonizes
their services with your company’s compliance
standards.

6. @infosectrain
05
Secure User Management
User access management tools or Identity and
Access Management Systems (IAM) must be applied
wherever users can access cloud assets to ensure
total visibility and security.

7. @infosectrain
06
Compliance and Security
Integration
All cloud deployments must comply with relevant
data security regulations. This applies to all
companies dealing with client data, including
personally identifiable information (PII).

8. @infosectrain
07
Identity and
Authentication
Protect cloud infrastructure with 2-factor
authentication (2FA) tools that demand more than just
password credentials. This limits the ability of
attackers to breach cloud perimeters.

9. @infosectrain
08
Operational Security
Operational security controls must be used to
neutralize common cloud threats by managing
vulnerabilities, tracking activity and monitoring threats,
and responding to attacks to limit the damage.