Thanks jack! I've already gone through the CSA document, found it very helpful!
Sent from my iPhone On Mar 5, 2013, at 10:17 AM, Jack Daniel <[email protected]> wrote: > Hello Dimitrios > > I hate to take the easy way out, but I would suggest checking out the > CSA (Cloud Security Alliance) guidance, they have a lot of good > reference materials: https://cloudsecurityalliance.org/ > > Their latest guidance has become a bit bloated IMHO, but it is still very > good. > > To state the obvious, if security matters, you need to design your > implementations as if they are running on untrustworthy hardware. > Because they are. Control your own crypto, manage your own keys, > instrument and monitor, firewall like mad, etc. > > > Jack > > On Mon, Mar 4, 2013 at 12:00 PM, Dimitrios Kapsalis <[email protected]> > wrote: >> Hi All, >> >> I'm looking for any resources you may be able to provide regarding assessing >> cloud multi-tenancy environments. I understand that many of the controls >> tested when assessing a data center, network, or application would still >> apply, however is there anything to keep in mind? >> >> Regards. >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > > > -- > ______________________________________ > Jack Daniel, Reluctant CISSP > http://twitter.com/jack_daniel > http://www.linkedin.com/in/jackadaniel > http://blog.uncommonsensesecurity.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
