Guidance from the National Cyber Security Centre
To improve the underlying security of the UK internet and to protect critical services from cyber-attacks, the National Cyber Security Centre was set up, the information security arm of the Government Communications Headquarters (GCHQ), and provides a framework built around 14 Cloud Security Principles.
These Cloud Security Principles are expansive and thorough and include such important considerations as data in-transit protection, supply chain security, identity and authentication and secure use of the service.
The 14 principles are aligned with ISO 27001, an auditable, international, information security management standard published by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC).
These principles, listed below, provide an excellent basis for the evaluation of a cloud service provider, this can assist organisations to fast-track their ability to meet their compliance obligations regardless of the specific industry regulations and governance.
The principles defined by CESG/NCSC cover
- Data in transit protection
- Asset Protection and Resilience
- Separation Between Consumers
- Governance framework
- Operational Security
- Personnel Security
- Secure Development
- Supply Chain Security
- Secure Consumer Management
- Identity and Authentication
- External Interface Protection
- Secure Service Administration
- Audit Information Provision to Consumers
- Secure use of the Service by the Consumer
This downloadable document provides the details of how PeaSoup’s services align with the fourteen cloud security principles set forth in the CESG/NCSC publication “Implementing the Cloud Security Principles