Cloud environment and information security scope/boundaries
Assign topic to the user
Additionally, where does the responsibility and accountability fall in this type of model.
Answer: The main concern regarding information security in cloud environments when it is provided by cloud service providers is the level of access the providers will have to the organization's information and systems, because this will have a direct impact in the controls that will have to be implemented to each party, and in the contractual clauses that will have to be included in the service agreement with the providers.
For example, a IaaS provider will not have access to the organization's systems, only to the physical infrastructure. On the other hand, a SaaS provider will have access to systems and data. So these two scenarios will require completely different security requirements to be fulfilled.
This article will provide you further explanation about scope considering cloud environments:
- Defining the ISMS scope if the servers are in the cloud https://advisera.com/27001academy/blog/2017/05/22/defining-the-isms-scope-if-the-servers-are-in-the-cloud/
Comment as guest or Sign in
Nov 08, 2017