re: How to be Secure in the Cloud VIEW POST

FULL DISCUSSION
 

Excellent introduction Aditi, thanks!

If people want to dig a little deeper, particularly where standards compliance is concerned, then all major cloud vendors provide a 'shared responsibility' matrix, detailing which bits of the stack they will actually be auditable for, and what's left for you, eg: for PCI-DSS on Azure: microsoft.com/en-us/trustcenter/co...

I would also recommend a visit to the Cloud Security Alliance, and their excellent cloud controls matrix document:
cloudsecurityalliance.org/artifact...

Interestingly our PCI-DSS assessor is not at all keen on putting services into a truly public cloud (distributed shared infrastructure), as it's very difficult to draw a boundary and declare physically what's within the card holder data environment (CDE) and what's not: discussion continues...

code of conduct - report abuse