- Help Center
- Security Services
- Cloud Security
-
Cloud Infrastructure
-
Cloud Data Protection
-
Cloud Productivity
-
Cloud Security
- Cloud Endpoint Security
- Cloud Endpoint Detection & Response
- Cloud Network Detection & Response
- SSL Certificates
- Vulnerability Scanning
- Cloud Web Application Firewall
- Secure Internet Access
- Secure Private Access
- Cloud User Behaviour
- Cloud User Activity Monitoring
- Unified Threat Management
- Cloud DLP
- Cloud Log Management
- Cloud Patch Management
- Cloud Encryption
- Cloud IAM
- Cloud Password Manager
- Cloud Priviledge Access Management
-
Security Services
- Azure Firewall
- Azure WAF
- Azure Security Center
- Managed SOC
- Managed SIEM
- Managed Firewall Services
- Managed VAPT Services
- Security Audits
- Network Security
- Wireless Audits
- Configuration Audits
- Network Penetration Testing
- Application Penetration Testing
- Mobile Penetration Testing
- IOT Penetration Testing
- Database Penetration Testing
- Website Penetration Testing
- Vulnerability Management
- Managed Endpoint Protection
- Managed Endpoint Detection & Response
- Managed Network Detection & Response
- Managed Detection & Response
- Managed Threat Hunting
- Managed Threat Intelligence
- Managed UEBA
- Managed Data Leak Prevention
- Managed Privileged Access Management
- Managed Web Application Firewall
- Managed DDoS
- Managed Secure Wi-Fi
- Managed Network Access Control
- Managed Network DLP
- Container Security
- Managed SOAR
- Managed DevSecOps
- Managed Incident Response
- Digital Forensics
- Managed Breach & Attack Simulation
- Red Team Assessment
- Managed Decoy-as-a-Service
- Blue Team Assessment
- Managed IOT
- Managed SCADA Security
- Cloud Security
- Azure Log Analytics
- Azure Active Directory
- Managed Azure Sentinel
-
Managed Services
-
Web Presence
-
Billing
-
Cloud DRaaS
How to assess the security of a cloud service provider
Ways to assess the security of a cloud service provider.
Assessing cloud security
There are a number of ways to assess a cloud service provider's security, from inspecting their premises to questioning if the provider has some third party validation or accreditation to back up the service contract, and here are a few items that are important to do:
- Identify what type of cloud-based services you want
Really nail down your personal or company needs–you don't want to end up with the wrong service or paying for the features you don't need; - Identify who your data controller is
Organizations or businesses processing personal data must identify who is the controller of their data. Like it or not, this is the person who will be legally held to account for the results, even if he is in the cloud–yes, a shared problem is still your problem! - Decide what level of information assurance your data requires
You need to determine the effect your business/individuals would have on the loss of that data. This will decide the level of service needed in terms of confidentiality (how much protection does the data need in transit and storage, for example, will it be encrypted at all times?); Integrity (the more integrity a cloud service has, the more sure you will be that data won't be interfered with); and consistency (how available do you want your data to always be, e.g. instant access?) These standards should all be stipulated very clearly in a written contract or a service level agreement. - Check where your data is being stored
The Data Protection Act 1998 lists trusted areas as the European Economic Area (EEA), US companies party to the Safe Harbor agreement, and countries of "Adequacy".With some of the larger cloud service suppliers that have 24/7 "follow-the-sun" operations, this may very well mean that the data is supported and processed from countries that do not fall within the three trust categories described above, potentially placing your personal data at risk.