Most Popular
How to become a better Speaker
Seven Mistakes to Avoid in Your
Building Your Own Personal Learning Curriculum
Cloud security guidance
How to choose, configure and use cloud services securely.
If you want to store and process data in the cloud, or use cloud platforms to build and host your own services, this guidance will help you do so securely.
Cloud usage continues to grow steadily, both in volume and the type of services being built and hosted in it. In fact, cloud is usually the preferred option when organisations procure new IT services, as reflected in the Kenyan government’s Cloud First Policy.
Against this background, it’s essential that new services are chosen and built in a way which reflects their security needs.
Who is this guidance for?
All organisations can use this guidance to navigate the sometimes confusing array of technologies which make up ‘the cloud’, and the management models which underpin their use.
More particularly:
- If you’re already using cloud services, refer to the section on assessing the security of your chosen services when considering new and updated additions or modifications. To audit you existing deployments, refer to the actions in Using cloud services securely.
- If you don’t hold or process sensitive data, you may find the lightweight approach to cloud security most useful.
- If you’re a larger business/enterprise (including the public sector), you should choose a cloud provider using the cloud security principles. Once you have chosen one you should configure and use your chosen cloud service securely as required by the shared responsiblity model.
This collection contains:
Introduction to cloud security
Defining some common terms, and providing background on the various sections of this guide.
Understanding cloud services
Cloud services can be seen from a number of perspectives. This section considers:
- service models and deployment models
- the ‘shared responsibility model’ used by many cloud providers to handle day-to-day management of security
- two specific security techniques; separation and cryptography
Choosing a cloud provider
The cloud security principles and how to use them, along with our lightweight security framework and some vendor responses to the principles.
Using cloud services securely
Some actions that customers of cloud services will need to take. This includes advice for cloud platforms and software as a service (SaaS), and those looking to lift and shift into the cloud.