13 April 2012

Cloud Service Provider Monitoring

The European Network and Information Security Agency (ENISA) has published a new guide on monitoring the security of cloud services throughout the project life-cycle.

Part of a page from ENISA's 'Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts' showing some of the extensive cloud service provider monitoring examples

Procure Secure: A Guide to Monitoring of Security Service Levels in Cloud Contracts defines an ongoing security monitoring framework comprising:

  • Service availability
  • Incident response
  • Service elasticity and load tolerance
  • Data life-cycle management
  • Technical compliance and vulnerability management
  • Change management
  • Data isolation
  • Log management and forensics

The concept is to provide continuous cloud-specific service level metrics between one-off or periodic assessments (e.g. using information technology audit standards such as ISO 2700x, SSAE 16 or ISAE 3402). For each suggested monitoring parameter, examples are provided to help guide what to measure, how to measure it, how to obtain independent measurements, alerting and reporting thresholds, and customer responsibilities.

Although there is a focus on public procurement, the issues are equally relevant in the private sector. There is also a 9-page checklist guide to the document "if you have little time available".

Posted on: 13 April 2012 at 08:20 hrs

Page https://www.clerkendweller.uk/2012/4/13/Cloud-Service-Provider-Monitoring