Cloud Security Principle 12: Secure service administration

Serviceteam IT Security News

The design, implementation and management of administration systems should follow enterprise good practice, whilst recognising their high value to attackers.

Goals

You should: 

  • understand which service administration model is being used by the service provider to manage the service
  • be content with any risks the service administration model in use brings to your data or use of the service

Implementation – Secure service administration

This table references our guidance on the five basic systems administration models 

Approach

Description

Guidance

Unknown service management architecture

The service provider has not disclosed this information.

In this case it would be prudent to assume that the risks associated with the Direct service administration approachare present.

Known service management architecture

The service provider has identified which systems administration model is used to administer the service.

To understand the risks associated with different systems administration models see the corresponding row in our guide.

The level of assurance you have that the service provider’s assertions are correct can vary. You can obtain independent assurance from a suitably qualified security architect.

Other

The service provider may believe that their systems administration approach is not covered by one of the models described in our guide.

In this case it will be for you to make your own assessment about the risks associated with the service provider’s administration approach.

Additional notes – Protecting administration devices

An important aspect of securing privileged administration interfaces is the security of the end user devices used for administration. It is important for you, as well as the service provider, to ensure that devices used for particularly privileged activities as well protected. For example, they should not be used for directly browsing the web or reading email, as these are high risk activities for someone to perform from a device used for administration.

< last principle   next principle >

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News I’m still on Windows 7 – what should I do?
Serviceteam IT Security News CyberUK: the unsung heroes of cyber security
Serviceteam IT Security News Bulk Data: 8-15 How is your system designed, implemented and operated?
Serviceteam IT Security News Looking forward to the CyberUK Strategy day
Serviceteam IT Security News Microsoft Provides Guidance on Mitigating DDE Attacks
Serviceteam IT Security News Updated Chrome OS and Ubuntu Guidance