Cloud Security
Cloud security is one of Security Centric's more popular engagements. Using expertise gained in providing National Security Classified Infrastructure as a Service (IaaS) to the Department of Defence, Security Centric's consultants can ensure that shared cloud infrastructure is providing adequate levels of information confidentiality, integrity and availability.
There are two reasons for requesting this type of service:
-
We audit a customer's cloud provider in order for the customer to obtain an unbiased third-party expertise assessment that their data is being managed in a secure manner, with the appropriate safeguards in place. This is often a periodic activity to ensure continued compliance.
-
We audit providers' environments in order for the provider to demonstrate to their customer base that their cloud service maintains adequate levels of separation and protection. This includes both confidentiality and integrity of the data.
We use a number of techniques to evaluate, and optionally secure, cloud or shared hosting environments. These techniques are proven, fielded and mature, and as always at Security Centric, they are based on formal engineered standards including:
- NIST SP800-144, 145, 146
- Cloud Computing Information Assurance Framework - European Network and Information Security Agency
- Cloud Computing Security Risk Assessment - European Network and Information Security Agency
- Cloud Controls Matrix - Cloud Security Alliance
- Consensus Assessments Initiative - Cloud Security Alliance