Cloud Security Checklist Are You Really Ready For Cloud - Fujitsu

Cloud Security checklist: Are you really ready for Cloud?

Introduction

Once you have assessed the benefits of migrating a business system or its function to the Cloud (see our White Book of Cloud Adoption), the next step is to consider the security and risk management implications of doing so. As with traditional outsourcing projects, organisations need to assess not only their own capabilities, but also those of any proposed cloud service provider.

If you approach cloud in the right way, with appropriate checks and balances to ensure all necessary risk management measures are covered, security is not a barrier to adoption.

This checklist enables you to make this assessment in two stages:
1 Determine how prepared the security team is for the move;
2 The readiness of the rest of the organisation by business area and any proposed provider's assurance of Cloud security.

The following provides a high-level guide to the areas organisations need to consider. Once ALL the boxes have been ticked, you can be sure you are operating in a secure Cloud context.

1 Is the security team ready for the Cloud?
(Each item carries a tick box for: Security team)

1 Is the security team aware of / knowledgeable about cloud?
2 Does the organisation have a cloud security strategy with which its auditors would be happy?
3 Has security governance been adapted to include cloud?
4 Does the team's structure enable cloud security?
5 Has the security team updated all security policies and procedures to incorporate cloud?
6 Has the security team provided guidance to the business on how to remain secure within a cloud environment?

2 Is your organisation / service provider ready?

Effective Cloud security considerations for the Organisation / Service provider span three key areas: Management, Operation and Technology.
(Each item carries two tick boxes: Organisation / Provider)

Management

1 Is everyone aware of his or her cloud security responsibilities?
2 Is there a mechanism for assessing the security of a cloud service?
3 Does the business governance mitigate the security risks that can result from cloud-based "shadow IT"?
4 Does the organisation know within which jurisdictions its data can reside?
5 Is there a mechanism for managing cloud-related risks?
6 Does the organisation understand the data architecture needed to operate with appropriate security at all levels?
7 Can the organisation be confident of end-to-end service continuity across several cloud service providers?
8 Can the provider comply with all relevant industry standards (e.g. the UK's Data Protection Act)?
9 Does the compliance function understand the specific regulatory issues pertaining to the organisation's adoption of cloud services?

Operation
(Each item carries two tick boxes: Organisation / Provider)

1 Are regulatory compliance reports, audit reports and reporting information available from the provider?
2 Does the provider have the right attitude to incident resolution and configuration management, even when services involve multiple providers?
3 Does using a cloud provider give the organisation an environmental advantage?
4 Does the organisation know in which application or database each data entity is stored or mastered?
5 Is the cloud-based application maintained and disaster tolerant (i.e. would it recover from an internally or externally caused disaster)?
6 Are all personnel appropriately vetted, monitored and supervised?
7 Is the provider able to deliver a service within the required performance parameters?
8 Is it easy to securely integrate the cloud-based applications at runtime and at contract termination?
9 Do you know the location from which the provider will deliver support and management services?
10 Do the procurement processes contain cloud security requirements?

Technology
(Each item carries two tick boxes: Organisation / Provider)

1 Are there appropriate access controls (e.g. federated single sign-on) that give users controlled access to cloud applications?
2 Is data separation maintained between the organisation's information and that of other customers of the provider, at runtime and during backup (including data disposal)?
3 Has the organisation considered and addressed backup, recovery, archiving and decommissioning of data stored in a cloud environment?
4 Are mechanisms in place for identification, authorisation and key management in a cloud environment?
5 Are all cloud-based systems, infrastructure and physical locations suitably protected?
6 Are the network designs suitably secure for the organisation's cloud adoption strategy?

Closing remarks

At Fujitsu, we recognise that for companies adopting cloud services, security is a key concern. Our Cloud offerings have built-in security mechanisms that address business concerns, and our Cloud Security Committee ensures our cloud offerings are founded in future-proof security principles. As an active member of the Cloud Security Alliance and other industry bodies, we are firmly committed to furthering cloud standards.

Further reading

Cloud Security Alliance, Security Guidance for Critical Areas of Focus in Cloud Computing V2.1
Gartner ID G00209052: "Determining criteria for cloud security assessment: it's more than a checklist"
Cloud Legal Project at Queen Mary, University of London (http://www.cloudlegal.ccls.qmul.ac.uk/)
The German Federal Office for Information Security's security requirements for cloud computing providers
Cloud security study of the Fraunhofer Institute for Secure Information Technology (SIT)

In addition, further guidance can be found from the following: securityalliance.org, www.nist.gov

Contact us on:
Tel: 44 (0) 870 242 7998
Email: askfujitsu@uk.fujitsu.com
Web: uk.fujitsu.com

Ref: XXXX. Copyright Fujitsu Services Ltd 2014. All rights reserved. No part of this document may be reproduced, stored or transmitted in any form without prior written permission of Fujitsu Services Ltd. Fujitsu Services Ltd endeavours to ensure that the information in this document is correct and fairly stated, but does not accept liability for any errors or omissions.
