17 Metrics To Analyse Security Infrastructure From Your CSP



17 Metrics To Analyse Security Infrastructure From Your CSP

Here's what you need to check for security measures from your Cloud service provider.

1. Access Privileges: Cloud Service Providers should be able to demonstrate they enforce adequate hiring, oversight and access controls to enforce administrative delegation.

2. Regulatory Compliance: Enterprises are accountable for their own data even when it’s in a public Cloud, and should ensure their providers are ready and willing to undergo audits. That apart, you should have a detailed inventory of hardware specifications, including manufacturers for all Cloud product offerings like disk drives, database hardware, security devices, load balancers, and/or any other hardware.

3. Data Provenance: When selecting a provider, ask where their data centres are located and if they can commit to specific privacy requirements. It’s also important to make sure that the providers guarantee complete data segregation, has the ability to do a complete restoration in the event of a technical failure.

4. Monitoring and Reporting: Monitoring and logging public Cloud activity simultaneously is a difficult task, so enterprises should ask for proof that their hosting providers can support investigations.

5. Business Continuity: Businesses come and go, and enterprises should ask hard questions about the portability of their data to avoid lock-in or potential loss if the business fails. Have formal Risk Analysis & Disaster Recovery plans ready, review it annually. Make sure you perform all significant tests on your Disaster recovery plan.

6. Mobile device access: Mobile device access capabilities and any security controls for protecting linking to lost or stolen customer mobile devices containing data.

7. Encryption protocols: Data in transit and file uploads or transfers must be secured with encryption protocols. Those protocols utilized should be explained by the vendor.

8. Impenetrable Encryption: For data in transit SSL should deliver at minimum 128-bit encryption and optimally 256-bit encryption based on the new 2048-bit global root, and it should require a rigorous authentication process. The SSL issuing authority should maintain military-grade data centres and disaster recovery sites optimized for data protection and availability.

9. For data in storage, check what Encryption technology is utilized for data storage.

10. For data in storage, analyse how are encryption keys for stored data managed?

11. Particularly for data backup and recovery, what technology is used to encrypt data backups and how are those keys managed?

12. If databases are utilized, upto which level encryption applied?

13. A description of the physical security measures in place within your data centres. Describe both the physical data centre access as well as server room and physical host access.

14. How are the logical and physical data centre services secured from other users and from external threats?

15. What level of support does the vendor provide for Single-sign-on (SSO) or authentication utilizing Lehigh identity management infrastructure?

16. A detailed description of those authentication methods.

17. Any support for two-factor authentication?

Cloud services offer high economic benefits, but they also pose risks in safeguarding information and assets. Make sure you have a neat checklist before you outsource your business to a Cloud Service Provider.

Keep reading

Design
Azure AD - B2C: Why Every Customer-Based Business Needs

The B2C model businesses are constantly faced with challenges of scaling up. The upward trend and for ma...

Read more
Cloud Computing
Cloud-Native- A Solution for Organizations

Introduction: Cloud Native

It is in recent times that the term cloud-native has come to use la...

Read more
Cloud Computing
Why Kubernetes on AWS is An Icing on the Cake for Deplo

Kubernetes is one big revolution that has won immense appreciation not just from the developer fraterni...

Read more
Cloud Computing
Cloud-Native with Kubernetes - An Overview

Cloud technologies continue to revolutionize the world, there are advancements every passing day – promi...

Read more
Design
How important is to architect your system before writin

Have you ever cooked? I am sure you would have tried that at least once in your lifetime. Your experienc...

Read more
Cloud Computing
Tools To Assist Your Cloud Architecture Diagrams

Cloud Architecture involves the relationship between various components of the IT project like front end...

Read more
Cloud Computing
How to Review Your Cloud Service Provider?

Planning to outsource your business requirements to a Cloud Service Provider? Well, here’s a checklist y...

Read more