Cloud Security # 4
- Steve Murphy
- Aug 16, 2020

Your cloud provider should have a security governance framework which coordinates and directs its management of the service and information within it.
Having an effective governance framework will ensure that procedure, personnel, physical and technical controls continue to work through the lifetime of a service.
It should also respond to changes in the service, technological developments and the appearance of new threats.
You need to know that the following are covered within the cloud provider's governance framework:
- A clearly identified and named board representative or delegate, i.e. the CSO or CISO.
- A documented framework for security governance, with policies governing key aspects of information security relevant to the service. This would normally be checked as part of your supplier due diligence process.
- Security and information security are part of the service provider's financial and operational risk reporting mechanisms, ensuring that the board would be kept informed of security and information risk.
- Procedures and processes to identify and ensure compliance with applicable legal and regulatory requirements.
Tomorrow - Operational Security