17 Metrics To Analyse Security Infrastructure From Your CSP



17 Metrics To Analyse Security Infrastructure From Your CSP

Here's what you need to check for security measures from your Cloud service provider.

1. Access Privileges: Cloud Service Providers should be able to demonstrate they enforce adequate hiring, oversight and access controls to enforce administrative delegation.

2. Regulatory Compliance: Enterprises are accountable for their own data even when it’s in a public Cloud, and should ensure their providers are ready and willing to undergo audits. That apart, you should have a detailed inventory of hardware specifications, including manufacturers for all Cloud product offerings like disk drives, database hardware, security devices, load balancers, and/or any other hardware.

3. Data Provenance: When selecting a provider, ask where their data centres are located and if they can commit to specific privacy requirements. It’s also important to make sure that the providers guarantee complete data segregation, has the ability to do a complete restoration in the event of a technical failure.

4. Monitoring and Reporting: Monitoring and logging public Cloud activity simultaneously is a difficult task, so enterprises should ask for proof that their hosting providers can support investigations.

5. Business Continuity: Businesses come and go, and enterprises should ask hard questions about the portability of their data to avoid lock-in or potential loss if the business fails. Have formal Risk Analysis & Disaster Recovery plans ready, review it annually. Make sure you perform all significant tests on your Disaster recovery plan.

6. Mobile device access: Mobile device access capabilities and any security controls for protecting linking to lost or stolen customer mobile devices containing data.

7. Encryption protocols: Data in transit and file uploads or transfers must be secured with encryption protocols. Those protocols utilized should be explained by the vendor.

8. Impenetrable Encryption: For data in transit SSL should deliver at minimum 128-bit encryption and optimally 256-bit encryption based on the new 2048-bit global root, and it should require a rigorous authentication process. The SSL issuing authority should maintain military-grade data centres and disaster recovery sites optimized for data protection and availability.

9. For data in storage, check what Encryption technology is utilized for data storage.

10. For data in storage, analyse how are encryption keys for stored data managed?

11. Particularly for data backup and recovery, what technology is used to encrypt data backups and how are those keys managed?

12. If databases are utilized, upto which level encryption applied?

13. A description of the physical security measures in place within your data centres. Describe both the physical data centre access as well as server room and physical host access.

14. How are the logical and physical data centre services secured from other users and from external threats?

15. What level of support does the vendor provide for Single-sign-on (SSO) or authentication utilizing Lehigh identity management infrastructure?

16. A detailed description of those authentication methods.

17. Any support for two-factor authentication?

Cloud services offer high economic benefits, but they also pose risks in safeguarding information and assets. Make sure you have a neat checklist before you outsource your business to a Cloud Service Provider.

Keep reading

Design
How important is to architect your system before writin

Have you ever cooked? I am sure you would have tried that at least once in your lifetime. Your experienc...

Read more
Cloud Computing
Tools To Assist Your Cloud Architecture Diagrams

Cloud Architecture involves the relationship between various components of the IT project like front end...

Read more
Cloud Computing
How to Review Your Cloud Service Provider?

Planning to outsource your business requirements to a Cloud Service Provider? Well, here’s a checklist y...

Read more
Web
Angular 8 is out : How is it compared with Angular 7

With the next version of Angular Javascript framework being released, desktop and mobile apps have start...

Read more
Moblie Apps
Why do you need an end to end solution provider for app

It comes as no surprise that we spend a lot of time on our mobile phones. Be it for gaming, ordering foo...

Read more
Design
Is your website optimized? Here is a basic guideline to

Website Optimization is referred to as a technique by which all the website data like web pages, conten...

Read more
Moblie Apps
How are mobile apps affecting the healthcare industry?

Application development has given a new dimension to the field of medicine. The professionals in this f...

Read more
Design
5 Significant UX Design Principles for a Business Websi

Making a unique and powerful website is obligatory for the accomplishment of your business. While there ...

Read more
Moblie Apps
The Mobile App UI Design Trends in 2019

Design trends are fleeting, ever-changing, and continually advancing, particularly in the realm of mobil...

Read more