Cloud Computing

Cloud Computinghttp://www.checklist20.com/bestpractices.htmlCloud ComputingAudit release management and production change management process http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=474&tn=Audit release management and production change management process If changes made by CSP is not properly managed tenant's services will be impacted ...  View More]]>Review information security policy of the cloud service providerhttp://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=472&tn=Review information security policy of the cloud service providerInformation stored with the cloud service provider is the key to the kingdom.  Sound information security policies protects tenant's data. ...  View More]]>Review incident management and reporting http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=473&tn=Review incident management and reporting To triage security related events and ensure timely and thorough incident management a robust incident management process and procedure need to be in place. ...  View More]]>Ensure layered defense, multi-level authentication & access controls are implemented to access networkhttp://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=460&tn=Ensure layered defense, multi-level authentication & access controls are implemented to access networkAccess by  unauthorized internal or external persons need to be controlled by layered defense with multiple authentication and access controls. ...  View More]]>Develop and implement facility and physical security policy http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=470&tn=Develop and implement facility and physical security policy Insufficient physical controls to facilities has huge exposure to data theft. ...  View More]]>Limit use of live production data in the non-production environment http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=469&tn=Limit use of live production data in the non-production environment Non-production env. has less security controls compared to the production env. Replicating  the production data in non-production env. introduces additional risks. ...  View More]]>Validate secure disposal or removal of data http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=468&tn=Validate secure disposal or removal of data Data theft during disposal of data ...  View More]]>Evaluate disaster recovery and business continuity process http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=467&tn=Evaluate disaster recovery and business continuity process Loss of corporate data and or data processing activities that support mission critical applications and services. ...  View More]]>Review encryption key management process http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=466&tn=Review encryption key management process If encryption keys  are not securely protected against unauthorized access sensitive data might be exposed. In addition,  separation of duties between the key managers and the hosting organization provides additional control to ...  View More]]>Verify data management and backup process http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=465&tn=Verify data management and backup process Backing up data in databases and file systems is key to recover the systems back to normal state in case of a disaster or user error. ...  View More]]>Ensure the protection of data-at-rest against the deliberate or accidental access of unauthorized persons http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=464&tn=Ensure the protection of data-at-rest against the deliberate or accidental access of unauthorized persons Data is  securely stored  and maintained to prevent unauthorized access and modification. ...  View More]]>Ensure the protection of in-transit data against the deliberate or accidental access of unauthorized persons http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=463&tn=Ensure the protection of in-transit data against the deliberate or accidental access of unauthorized persons Data is  securely transmitted and maintained to prevent unauthorized access and modification. ...  View More]]>Ensure SLAs with the cloud service provider covers all the legal, regulatory and business requirements http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=462&tn=Ensure SLAs with the cloud service provider covers all the legal, regulatory and business requirements Clearly defined service level agreements with the cloud service provider that  help set the expectation with the business users' requirements. ...  View More]]>Classify data stored with the cloud service providers http://www.checklist20.com/bestpractices.html#cid=171&cn=Cloud Computing&tid=461&tn=Classify data stored with the cloud service providers Data classification helps protect the most sensitive data stored in the cloud infrastructure and providing higher level of security controls ...  View More]]>