Procure Secure: A guide to monitoring of security service levels in cloud contracts
A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery. One-off or periodic provider assessments are a vital component of effective security management. However, they are insufficient without additional feedback in the intervals between assessments: they do not provide real-time information, regular checkpoints or threshold based alerting, as covered in this report.
Publication date: Apr 02, 2012
Dr. Giles Hogben, Dr. Marnix Dekker, ENISA
On Monday, as part of its effort to help put Europe back on track with cloud services adoption, ENISA - the public agency responsible for the security of Europe's information services - published a new set of surprisingly legible recommendations for not just public-sector firms, but private sector firms as well, on how to evaluate a cloud service provider's (CSP) performance during a security event and determine whether it's living up to the terms spelled out by their SLAs.