Know the infrastructure security of your provider or platform: In the shared security model, the provider (or whoever maintains the private cloud platform) has the burden of ensuring the underlying physical, abstraction, and orchestration layers of the cloud are secure.
Review compliance certifications and attestations: Check industry-standard and industry-specific compliance certifications and attestations on a regular basis for having the…
Category: QuickGuide
QuickGuide: ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)
ISO/IEC 17789 describes cloud computing systems from four distinct viewpoints:
User view: The system context, the parties, the roles, the sub-roles, and the cloud computing activities
Functional view: The functions necessary for the support of cloud computing activities
Implementation view: The functions necessary for the implementation of a cloud service within service parts and/or infrastructure parts
Deployment…
QuickGuide: PCI Guidelines at a glance
PCI DSS (Payment Card Industry Data Security Standard) is an industry mandate. If your enterprise accepts credit card payments or handles payment card data, it must comply with PCI DSS. Here are the 12 key requirements set by PCI DSS:
Install and maintain a firewall configuration to protect data
Do not use vendor-supplied defaults…