Re: [Pauldotcom] Request: Cloud multi-tenancy environment assessment resources

[Chris Campbell]

PCI-DSS has been updated for cloud which may be of interest. https://www.pcisecuritystandards.org/pdfs/PCI_DSS_v2_Cloud_Guidelines.pdf Jack Daniel 5 March 2013 16:17 Hello Dimitrios I hate to take the easy way out, but I would suggest checking out the CSA (Cloud Security Alliance) guidance, they have a lot of good reference materials: https://cloudsecurityalliance.org/ Their latest guidance has become a bit bloated IMHO, but it is still very good. To state the obvious, if security matters, you need to design your implementations as if they are running on untrustworthy hardware. Because they are. Control your own crypto, manage your own keys, instrument and monitor, firewall like mad, etc. Jack -- ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://www.linkedin.com/in/jackadaniel http://blog.uncommonsensesecurity.com _______________________________________________ Pauldotcom mailing list Pauldotcom@mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com Dimitrios Kapsalis 4 March 2013 17:00 Hi All, I'm looking for any resources you may be able to provide regarding assessing cloud multi-tenancy environments. I understand that many of the controls tested when assessing a data center, network, or application would still apply, however is there anything to keep in mind?  Regards. _______________________________________________ Pauldotcom mailing list Pauldotcom@mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom@mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com