Configuration and change management
Posted: Thu Feb 20, 2025 5:46 am
7. Identity and authentication
The cloud provider must ensure that access to any service interface is limited to authorized and authenticated individuals only.
When it comes to providers, you want a service that offers identity and authentication features, including username and password, two-factor authentication, TLS client certificates, and identity federation with your existing identity provider.
You also want the ability to restrict access to a dedicated line, company or community network. A good provider only delivers authentication over secure channels – such as HTTPS – to prevent interception.
Be sure to avoid services with weak authentication practices. This will expose your systems to unauthorized access leading to data theft, changes to your service, or a denial of service. Also avoid authentication via email, HTTP, or phone.
They are extremely vulnerable to social engineering and interception of identity and authentication credentials.
8. Operational safety
When selecting a cloud service, look for a provider that implements strong operational security to detect and prevent attacks. This should cover four basic elements:
You want a provider that offers transparency into the assets that make up the service, including any configuration or dependencies. They should inform you of any changes to the service that may impact security to ensure that vulnerabilities do not occur.
Vulnerability management
Your vendor should have a vulnerability management process in place to detect and mitigate any new threats to your service. You should be kept informed of these threats, their severity, and the planned threat mitigation schedule, including resolution.