Guidance from the National Cyber Security Centre

 

To improve the underlying security of the UK internet and to protect critical services from cyber-attacks, the National Cyber Security Centre was set up, the information security arm of the Government Communications Headquarters (GCHQ), and provides a framework built around 14 Cloud Security Principles.

These Cloud Security Principles are expansive and thorough and include such important considerations as data in-transit protection, supply chain security, identity and authentication and secure use of the service.

The 14 principles are aligned with ISO 27001, an auditable, international, information security management standard published by the International Organization for Standardisation (ISO) and the International Electrotechnical Commission (IEC).

 

These principles, listed below, provide an excellent basis for the evaluation of a cloud service provider, this can assist organisations to fast-track their ability to meet their compliance obligations regardless of the specific industry regulations and governance.

 

The principles defined by CESG/NCSC cover

  1. Data in transit protection
  2. Asset Protection and Resilience
  3. Separation Between Consumers
  4. Governance framework
  5. Operational Security
  6. Personnel Security
  7. Secure Development
  8. Supply Chain Security
  9. Secure Consumer Management
  10. Identity and Authentication
  11. External Interface Protection
  12. Secure Service Administration
  13. Audit Information Provision to Consumers
  14. Secure use of the Service by the Consumer

 

This downloadable document provides the details of how PeaSoup’s services align with the fourteen cloud security principles set forth in the CESG/NCSC publication “Implementing the Cloud Security Principles

 

 

Further details can be found on the NCSC’s website on this link