Securing Cloud Services

Explore the governance framework of the enterprise information security policy and its policy subsets, including acceptable use, hiring and termination, data classification, risk management, incident response, business continuity, and sanctions.

Engage in risk management by identifying and quantifying threats—from nature, man-made, technical, to supply systems—then implement preventive and recovery controls through due diligence and do care.

Learn to conduct a risk assessment by inventorying information assets, valuing them, and prioritizing protections. Identify vulnerabilities and threats, quantify risk, and apply preventive, response, and recovery controls.

Assess the risk and present to management; implement administrative, physical, and technical controls to mitigate, transfer, or avoid risk, deter the bad thing, and monitor effectiveness.

Design and implement a security program that enforces administrative, physical, and technical controls, trains users, and monitors and audits for anomalies to protect data confidentiality, integrity, and availability.

Identify data assets, set classification levels, and label data and media. Define protection criteria based on confidentiality, integrity, and availability, and assign roles from owners to custodians to enforce controls.

Focus on safety first, teaching fire drills, CPR, and defibrillator use before enterprise protection. It also covers policies, monitoring, enforcement, and assigned roles for incident response.

Explore securing cloud services by enforcing strong isolation in multi-tenant environments, hardening hypervisors and hosts, and applying secure coding and OWASP guidelines to web applications.

Implement administrative, physical, and technical controls for cloud use, secure data at rest, in transit, and in processing, and establish logging, monitoring, auditing, encryption, dlp, vpn, tls.

Conduct thorough due diligence on the cloud service provider and its subproviders to verify they meet your security objectives, certifications, and remediation history, including SAML, OpenID, and X.500 directory services.

Ensure connectivity fault tolerance and redundancy with multiple high-speed connections and mesh routing, plus federated identity management, reverse proxies, encryption standards, co-location, tenant isolation, and timely patching.

Implement cloud services cautiously by auditing, testing, and monitoring providers; enforce incident response, key escrow, data loss prevention, and data classification to protect confidentiality, integrity, and availability.

Perform on-site inspections, auditing, and testing of the physical environment hosting cloud services to ensure due diligence, while monitoring usage, security events, and compliance against the service agreement.

Enforce cloud service agreements by monitoring provider performance and addressing violations with the legal department. Monitor users against an acceptable use policy and apply administrative, physical, and technical controls.

Securely migrate to cloud services by first hardening the internal network, selecting saas/paas/iaas models, and implementing governance, risk management, and phased migration.