Required Advise for Cloud Security Assessment

Question

HI there, is it good to find out these questions before conducting a IT security assessment on the cloud?

What is the type of cloud services that is required to be tested
a.	Infra as a Service – Amazon, Rackspace
b.	Software as a Service – component required to run the app is supplied, tenant will supply the app
c.	Platform as a Service – Salesforce, mailchimp
2.	Is there root access provided for the IaaS?
3.	Are you using an on-premise tools or a cloud based for VA?
4.	Are you using the CSP provider for other purpose rather than hosting a website? (Containers, Kubernetes, Dockers) 
5.	For the API are you using different cloud service provider?

Answer

I am not sure exactly what your question is, but it appears you may be going through a CSA Star assessment. AWS goes through several security/compliance assessments each year (https://aws.amazon.com/compliance/services-in-scope/) including CSA Star (https://aws.amazon.com/compliance/iso-certified/). Have a look at the links and if you can clarify your question I can try to be more specific.

Required Advise for Cloud Security Assessment

相關內容