For organisations that are planning ‘Cloud First’ Transformation strategies, our Cloud Security Architecture Assessment Service gives you an objective assessment of your compliance readiness with the 14 Cloud Security Principles (14 CSPs), or the Cloud Security Alliance’s Cloud Controls Matrix (CSA CCM). Our Cloud Security Architecture Assessment Service is listed on the G-Cloud 11 Framework under Lot ‘Cloud Support’.
Both the 14 CSPs and the CSA CCM are applicable to and highly recommended for any organisation offering Cloud services. The frameworks are also applicable to organisations that use the Cloud for internal hosting of corporate data or services. Compliance with either of these standards is achieved by adopting appropriate controls to meet the criteria defined within each framework. Compliance requires a systematic review of services and processes, covering the Cloud infrastructure and how it is managed across the data lifecycle.
The 14 Cloud Security Principles are:
1. Data in transit protection
2. Asset protection and resilience
3. Separation between users
4. Governance framework
5. Operational security
6. Personnel security
7. Secure development
8. Supply chain security
9. Secure user management
10. Identity and authentication
11. External interface protection
12. Secure service administration
13. Audit information for users
14. Secure use of the service
The CSA CCM control domains are:
1. Application & Interface Security
2. Audit Assurance & Compliance
3. Business Continuity Management & Operational Resilience
4. Change Control & Configuration Management
5. Data Security & Information Lifecycle Management
6. Datacenter Security
7. Encryption & Key Management
8. Governance and Risk Management
9. Human Resources
10. Identity & Access Management
11. Infrastructure & Virtualization Security
12. Interoperability & Portability
13. Mobile Security
14. Security Incident Management, E-Discovery & Cloud Forensics
15. Supply Chain Management, Transparency & Accountability
16. Threat and Vulnerability Management
Our Cloud Security Architecture Assessment Service begins with an on-site readiness assessment of your conformance to the requirements outlined by the 14 CSPs, or the CSA CCM, focusing on your people, processes and technology. It includes interviews with senior stakeholders within the organisation responsible for cloud services, a high-level review of documentation, and a review of the information security management system (ISMS), technical controls and processes.
Following the readiness assessment, you will be given a detailed report highlighting the findings of our visit. This report will document non-compliances and areas of improvement that will need to be addressed in order to meet the requirements of the framework. We can provide further consultancy support and advice to help remediate any identified gaps.
A market-leading online financial products provider engaged Cyber Smart Associates to help guide their cyber security improvement and GDPR compliance journey. They needed to understand and demonstrate their InfoSec and Data Privacy Risk position, and wanted customers to have confidence and trust in their services. Cyber Smart Associates reviewed the integration of their people with processes and technology, and steered their IT Delivery Organisation down a smooth path towards a robust and resilient application development culture, while avoiding the common pitfalls that can waste time, effort and money.