Required Advise for Cloud Security Assessment
HI there, is it good to find out these questions before conducting a IT security assessment on the cloud?
What is the type of cloud services that is required to be tested a. Infra as a Service – Amazon, Rackspace b. Software as a Service – component required to run the app is supplied, tenant will supply the app c. Platform as a Service – Salesforce, mailchimp 2. Is there root access provided for the IaaS? 3. Are you using an on-premise tools or a cloud based for VA? 4. Are you using the CSP provider for other purpose rather than hosting a website? (Containers, Kubernetes, Dockers) 5. For the API are you using different cloud service provider?
I am not sure exactly what your question is, but it appears you may be going through a CSA Star assessment. AWS goes through several security/compliance assessments each year (https://aws.amazon.com/compliance/services-in-scope/) including CSA Star (https://aws.amazon.com/compliance/iso-certified/). Have a look at the links and if you can clarify your question I can try to be more specific.
Relevant questions
Managed Blockchain and Cloud Storage
asked 2 months agoAssessment Questionaire for AWS workloads moving to AWS - Amazon Managed Services
asked 5 months agoIs there a way to generate the network diagram to increase the visibility
asked 6 months agoImplement Security on the Web Application Without Touching the Web Application
asked 6 months agoSecurity Hub and Cloudwatch Events
Accepted Answerasked 3 years agoRequired Advise for Cloud Security Assessment
asked 5 months agoDeepLens - How to fix "The security token included in the request is invalid"?
asked 2 months agoWhy VPN is not in the HIPAA compliant services while Transit Gateway is?
Accepted Answerasked 2 years agoCan I set a security group for each workspace that is launched?
asked 3 months agoIs there an ip-block for whitelisting?
asked a year ago