“This guidance is intended to help organisations consider the security features of cloud services they wish to use. It is the first of a number of guidance documents for the public sector relating to the use of cloud services to process OFFICIAL information. “ ~ UK Government
The above is an opening extract from a recent Cloud Service Security Principles document aimed at organizations considering or evaluating cloud services, including those on offer from Infrastructure-as-a-Service (IaaS) web hosting providers.
The document covers 14 essential guiding principles around cloud services including:
- Data in transit protection
- Asset protection and resilience
- Separation between consumers
- Operational security
- Personnel security
- Secure development
- Supply chain security
- Secure consumer management
- Secure on-boarding and off-boarding
- Service interface protection
- Secure service administration
- Audit information provision to tenants
- Secure use of the service by the consumer
In the areas of operational security, the UK government suggested the [web hosting] provider should have processes and procedures in place to ensure the operational security of the service, covering:
- Configuration and change managemen
- Vulnerability management
- Protective monitoring
- Incident management
It also stated, “service provider staff should be subjected to adequate personnel security screening for their role. At a minimum this should include identity, unspent criminal convictions, and right to work checks. For roles with a higher level of service access, the service provider should undertake and maintain appropriate additional personnel security checks.”
Those interested in reading more can read the cloud guidance document on the government site.
UK startups and businesses are becoming more adept at seeking out managed hosting and cloud services (with customized SLAs) that offer a reliable platform for hosting websites and applications WITHOUT having to manage the underlying infrastructure.
The UK Government policy document is an important tool to help supplement this research process.
This article was brought to you by VI.net, for dedicated server hosting, cloud servers and 24/7 support visit our site here www.vi.net