Develop a process to assess the security posture of the service provider.
2. The organization's security requirements: the first requirement is to develop security measures and determine the most appropriate method to use for security control performance.
The measures draw on agency data about program-level or system-level performance, including the system security risk assessment report.
Selected information security measures may address the security performance of specific security controls, groups of related or interdependent controls, an information system, or security function, service, or program spanning multiple systems.
The set of measures with potential applicability to security performance drivers and objectives is typically large and diverse. To overcome the challenges that comprehensive measurement would present, agencies need to prioritize performance objectives and implemented measures to ensure that selected measures provide appropriate coverage for security controls and information systems categorized at higher risk levels.
3. Cloud security standards and their support by prospective cloud service providers and within the enterprise should be a critical area of focus for cloud service customers. The benefits of supporting key security standards are:
• Standards promote interoperability, eliminating vendor lock-in and making it simpler to transition from one cloud service provider to another.
• Standards facilitate hybrid cloud computing by making it easier to integrate on-premises security technologies with those of cloud service providers.
• Standards provide a level of assurance that critical best practices are being followed both internally within an enterprise and by cloud service providers – certifications are available for several security standards.
• Standards support provides an effective means by which cloud service customers can compare and contrast cloud service providers.
• Standards support enables an easier path to regulatory compliance.
These types of security standards specifically define APIs, data structures and communication protocols that must be implemented to claim support for the standard. There can be test suites associated with these standards that enable implementers to demonstrate compliance with the standard, and there can also be mechanisms to demonstrate interoperability between different implementations. In many cases, such standards allow for extensibility, permitting implementers to include functions that go beyond those defined in the standard.
From a security perspective, it is important that once the customer has completed the exit process, "reversibility" or "the right to be forgotten" is achieved – that is, none of the customer's data should remain with the provider. The provider must ensure that any copies of the data are wiped clean from the provider's environment, wherever they may have been stored.