PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Request: Cloud multi-tenancy environment assessment resources

From: Jack Daniel <jackadaniel () gmail com>
Date: Tue, 5 Mar 2013 11:17:18 -0500
Hello Dimitrios

I hate to take the easy way out, but I would suggest checking out the
CSA (Cloud Security Alliance) guidance, they have a lot of good
reference materials: https://cloudsecurityalliance.org/

Their latest guidance has become a bit bloated IMHO, but it is still very good.

To state the obvious, if security matters, you need to design your
implementations as if they are running on untrustworthy hardware.
Because they are.  Control your own crypto, manage your own keys,
instrument and monitor, firewall like mad, etc.


Jack

On Mon, Mar 4, 2013 at 12:00 PM, Dimitrios Kapsalis <dimitrios () gmail com> wrote:

Hi All,

I'm looking for any resources you may be able to provide regarding assessing
cloud multi-tenancy environments. I understand that many of the controls
tested when assessing a data center, network, or application would still
apply, however is there anything to keep in mind?

Regards.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: