Part of Cloud security – good practice guide
6. Step 4 - monitor
Like any other system, once implemented you cannot forget about security and risk. It needs to be proactively monitored and managed.
6.1 Manage known risk
If there are any residual risks, these need to be documented and pro-actively managed.
6.2 Monitor cloud service
Cloud services offered by providers are most likely to continually evolve. You need to make sure that your vendor keeps you informed of any changes that may affect, in a detrimental way, the security of your system and data.
Similarly, your vendor should supply updated proof of certifications and assessments on a regular basis.
6.3 Monitor controls
The service user is responsible for implementing and maintaining certain security controls. These should be reviewed and audited on a regular basis.
Last edited: 1 March 2022 7:32 am