How to choose, configure and use cloud services securely.

If you want to store and process data in the cloud, or use cloud platforms to build and host your own services, this guidance will help you do so securely.
Cloud usage continues to grow steadily, both in volume and the type of services being built and hosted in it. In fact, cloud is usually the preferred option when organisations procure new IT services, as reflected in the UK government’s Cloud First Policy.
Against this background, it’s essential that new services are chosen and built in a way which reflects their security needs.
Who is this guidance for?
All organisations can use this guidance to navigate the sometimes confusing array of technologies which make up ‘the cloud’, and the management models which underpin their use.
More particularly:
- If you’re already using cloud services, refer to the section on assessing the security of your chosen services when considering new and updated additions or modifications. To audit your existing deployments, refer to the actions in Using cloud services securely.
- If you don’t hold or process sensitive data, you may find the lightweight approach to cloud security most useful.
- If you’re a larger business/enterprise (including the public sector), you should choose a cloud provider using the cloud security principles. Once you have chosen one, you should configure and use your chosen cloud service securely as required by the shared responsibility model.
Note:
Individuals looking for advice about how to use online services securely should refer to our Cyber Aware advice on staying secure online.
This collection contains
Introduction to cloud security
Defining some common terms, and providing background on the various sections of this guide.
Understanding cloud services
Cloud services can be seen from a number of perspectives. This section considers:
- service models and deployment models
- the ‘shared responsibility model’ used by many cloud providers to handle day-to-day management of security
- two specific security techniques: separation and cryptography
Choosing a cloud provider
The cloud security principles and how to use them, along with our lightweight security framework and some vendor responses to the principles.
Using cloud services securely
Some actions that customers of cloud services will need to take. This includes advice for cloud platforms and software as a service (SaaS), and those looking to lift and shift into the cloud.
Introduction to cloud security
https://www.ncsc.gov.uk/collection/cloud
Practical Cloud Security: A Guide for Secure Design and Deployment