Cloud Security Checklist
Are you really ready for Cloud?
Introduction
Once you have assessed the benefits of migrating a business system or its function to the Cloud (see our White Book of Cloud Adoption), the next step is to consider the security and risk management implications of doing so.
As with traditional outsourcing projects, organisations need to assess not only their own capabilities, but also those of any proposed cloud service provider. If you approach cloud in the right way, with appropriate checks and balances to ensure all necessary risk management measures are covered, security is not a barrier to adoption.
This checklist enables you to make this assessment in two stages:
1 Determine how prepared the security team is for the move;
2 Assess the readiness of the rest of the organisation by business area, and any proposed provider's assurance of Cloud security.
The following provides a high-level guide to the areas organisations need to consider. Once ALL the boxes have been ticked, you can be sure you are operating in a secure Cloud context.
1 Is the security team ready for the Cloud?
Each item below is ticked off by the Security team.
1 Is the security team aware of / knowledgeable about cloud?
2 Does the organisation have a cloud security strategy with which its auditors would be happy?
3 Has security governance been adapted to include cloud?
4 Does the team's structure enable cloud security?
5 Has the security team updated all security policies and procedures to incorporate cloud?
6 Has the security team provided guidance to the business on how to remain secure within a cloud environment?
2 Is your organisation / service provider ready?
Effective Cloud security considerations for the Organisation / Service provider span three key areas:
• Management
• Operation
• Technology
Management
Each item below is ticked off for both the Organisation and the Provider.
1 Is everyone aware of his or her cloud security responsibilities?
2 Is there a mechanism for assessing the security of a cloud service?
3 Does the business governance mitigate the security risks that can result from cloud-based "shadow IT"?
4 Does the organisation know within which jurisdictions its data can reside?
5 Is there a mechanism for managing cloud-related risks?
6 Does the organisation understand the data architecture needed to operate with appropriate security at all levels?
7 Can the organisation be confident of end-to-end service continuity across several cloud service providers?
8 Can the provider comply with all relevant industry standards (e.g. the UK's Data Protection Act)?
9 Does the compliance function understand the specific regulatory issues pertaining to the organisation's adoption of cloud services?
Operation
Each item below is ticked off for both the Organisation and the Provider.
1 Are regulatory compliance reports, audit reports and reporting information available from the provider?
2 Does the provider have the right attitude to incident resolution and configuration management, even when services involve multiple providers?
3 Does using a cloud provider give the organisation an environmental advantage?
4 Does the organisation know in which application or database each data entity is stored or mastered?
5 Is the cloud-based application maintained and disaster tolerant (i.e. would it recover from an internally or externally caused disaster)?
6 Are all personnel appropriately vetted, monitored and supervised?
7 Is the provider able to deliver a service within the required performance parameters?
8 Is it easy to securely integrate the cloud-based applications at runtime and to separate them at contract termination?
9 Do you know the location from which the provider will deliver support and management services?
10 Do the procurement processes contain cloud security requirements?
Technology
Each item below is ticked off for both the Organisation and the Provider.
1 Are there appropriate access controls (e.g. federated single sign-on) that give users controlled access to cloud applications?
2 Is data separation maintained between the organisation's information and that of other customers of the provider, at runtime and during backup (including data disposal)?
3 Has the organisation considered and addressed backup, recovery, archiving and decommissioning of data stored in a cloud environment?
4 Are mechanisms in place for identification, authorisation and key management in a cloud environment?
5 Are all cloud-based systems, infrastructure and physical locations suitably protected?
6 Are the network designs suitably secure for the organisation's cloud adoption strategy?
Closing remarks
At Fujitsu, we recognise that for companies adopting cloud services, security is a key concern. Our Cloud offerings have built-in security mechanisms that address business concerns, and our Cloud Security Committee ensures our cloud offerings are founded in future-proof security principles. As an active member of the Cloud Security Alliance and other industry bodies, we are firmly committed to furthering cloud standards.
Further reading
• Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1
• Gartner ID G00209052: "Determining criteria for cloud security assessment: it's more than a checklist"
• Cloud Legal Project at Queen Mary, University of London (http://www.cloudlegal.ccls.qmul.ac.uk/)
• The German Federal Office for Information Security's security requirements for cloud computing providers
• Cloud security study of the Fraunhofer Institute for Secure Information Technology (SIT)
In addition, further guidance can be found from the following websites:
www.first.org
www.enisa.europa.eu
www.cloudsecurityalliance.org
www.nist.gov
Contact us on:
Tel: +44 (0) 870 242 7998
Email: [email protected]
Web: uk.fujitsu.com
Ref: XXXX. Copyright © Fujitsu Services Ltd 2014. All rights reserved.
No part of this document may be reproduced, stored or transmitted in any form without prior written permission of Fujitsu Services Ltd. Fujitsu Services Ltd endeavours to ensure that the information in this document is correct and fairly stated, but does not accept liability for any errors or omissions.