Cloud Security Principles

Guidance from the National Cyber Security Centre

To improve the underlying security of the UK internet and to protect critical services from cyber-attacks, the National Cyber Security Centre was set up, the information security arm of the Government Communications Headquarters (GCHQ), and provides a framework built around 14 Cloud Security Principles.

These Cloud Security Principles are expansive and thorough and include such important considerations as data in-transit protection, supply chain security, identity and authentication and secure use of the service.

The 14 principles are aligned with ISO 27001, an auditable, international, information security management standard published by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC).

These principles, listed below, provide an excellent basis for the evaluation of a cloud service provider, this can assist organisations to fast-track their ability to meet their compliance obligations regardless of the specific industry regulations and governance.

The principles defined by CESG/NCSC cover

1. Data in transit protection
2. Asset Protection and Resilience
3. Separation Between Consumers
4. Governance framework
5. Operational Security
6. Personnel Security
7. Secure Development
8. Supply Chain Security
9. Secure Consumer Management
10. Identity and Authentication
11. External Interface Protection
12. Secure Service Administration
13. Audit Information Provision to Consumers
14. Secure use of the Service by the Consumer

This downloadable document provides the details of how PeaSoup’s services align with the fourteen cloud security principles set forth in the CESG/NCSC publication “Implementing the Cloud Security Principles

Further details can be found on the NCSC’s website on this link

Implementing the Cloud Security Principles