Page 1074 - Cloud computing: From paradigm to operation

7                                                     Security


            13      Communications security

            13.1    Network security management

            The objective specified in clause 13.1 of ISO/IEC 27002 applies.

            13.1.1  Network controls

            Control 13.1.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            13.1.2  Security of network services

            Control 13.1.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            13.1.3  Segregation in networks

            Control 13.1.3 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply. The following sector-specific guidance also applies.

            Implementation guidance for cloud services

            Cloud service customer

            The cloud service customer should define its requirements for segregating networks to achieve
            tenant isolation in the shared environment of a cloud service and verify that the cloud service
            provider meets those requirements.

            Cloud service provider

            The cloud service provider should enforce segregation of network access for the following cases:
            –  segregation between tenants in a multi-tenant environment;
            –  segregation between the cloud service provider's internal administration environment and the
               cloud service customer's cloud computing environment.
            Where appropriate, the cloud service provider should help the cloud service customer verify the
            segregation implemented by the cloud service provider.

            Other information for cloud services

            Laws and regulations can require the segregation of networks or the isolation of network traffic.

            13.2    Information transfer

            The objective specified in clause 13.2 of ISO/IEC 27002 applies.

            13.2.1  Information transfer policies and procedures

            Control 13.2.1 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            13.2.2  Agreements on information transfer

            Control 13.2.2 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            13.2.3  Electronic messaging

            Control 13.2.3 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.

            13.2.4  Confidentiality or non-disclosure agreements

            Control 13.2.4 and the associated implementation guidance and other information specified in ISO/IEC 27002
            apply.
            apply.



