- Security TWENTY
- Women in Security
Part of the Government intelligence agency GCHQ, CESG has brought out a brief document to describe principles which should be considered when evaluating the security features of cloud services. Some cloud services will provide all of the security principles, while others only a subset. It is for the consumer of the service to decide which of the security principles are important to them in the context of how they expect to use the service.
Some service providers will be able to offer higher levels of confidence in how they implement the different security principles. Consumers will need to decide how much, if any, assurance they require in the different security principles which matter to them.
These principles apply equally to Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
Covered are –
Data in transit protection
Asset protection and resilience
Separation between consumers
Supply chain security
Secure consumer management
Secure on-boarding and off-boarding
Service interface protection
Secure service administration
Audit information provision to tenants
Secure use of the service by the consumer.