Title: SECURITY CHECKLIST Recommendations for CLOUD CUSTOMERS
@infosectrain
01
Protection of Data in Transit and Data at Rest
Data in transit is vulnerable to interception by
malicious outsiders, which makes it a critical
security risk. Organizations need to encrypt data
both at rest in cloud containers and in transit.
02
Asset Protection
Security teams should implement security policies
across all digital assets and also secure the
data held on apps and control access to those
apps.
03
Visibility and Control
Security teams should maintain visibility and
control of the cloud assets by monitoring data,
usage and user behavior, and by putting in place
systems that alert the administrator to any
unexpected activity.
04
Trusted Security Marketplace and Partner Network
Can you trust your cloud provider? If not, find
another one. Choose a CSP that implements
security best practices, meets CSA or ISO
standards and harmonizes its services with
your company's compliance standards.
05
Secure User Management
User access management tools or Identity
and Access Management Systems (IAM) must be
applied wherever users can access cloud assets
to ensure total visibility and security.
06
Compliance and Security Integration
All cloud deployments must comply with relevant
data security regulations. This applies to
all companies dealing with client data, including
personally identifiable information (PII).
07
Identity and Authentication
Protect cloud infrastructure with 2-factor
authentication (2FA) tools that demand more than
just password credentials. This limits the
ability of attackers to breach cloud perimeters.
08
Operational Security
Operational security controls must be used to
neutralize common cloud threats by
managing vulnerabilities, tracking activity and
monitoring threats, and responding to attacks to
limit the damage.