Cloud computing offers several key advantages to organizations, including reduced costs, automation, hardware independence, high availability, and increased flexibility. Use of cloud technology also alters the risk landscape, impacting confidentiality, privacy, integrity, regulatory compliance, availability, and e-discovery, as well as incident response and forensics. Therefore, it is important to ensure that proper security controls are in place.
McAfee Strategic Security Services' Cloud Computing Security Assessment covers all the major cloud computing architectures, including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS).
As a cloud computing service provider or as a private cloud host, McAfee Strategic Security Services creates a custom engagement that assesses the implementation’s physical and application security. McAfee Strategic Security Services then provides a letter of attestation to disseminate to your new and current customers, assuring them that your cloud solution is secure.
McAfee Strategic Security Services' methodology for each engagement is based on our overall assessment approach that includes:
Architecture & Design Assessment
In the Architecture & Design Assessment phase, McAfee Strategic Security Services consultants examine:
Cloud Infrastructure Security Assessment
In the Cloud Infrastructure Security Assessment, McAfee Strategic Security Services consultants examine the logical network, applications, and services hosted by the cloud. Key services in this assessment may include the following:
Governance, Policies & Procedures Review
The policies, procedures, and regulations followed by your organization may not be consistent with security best practices. The vendor’s policies and procedures are compared against industry best practices and regulatory compliance requirements that are specific to your organization. Based on the results, policies, procedures, and service legal agreements can be developed to bridge identified gaps. The areas covered as part of this review include:
All McAfee Strategic Security Services projects are managed using our proven Security Engagement Process (SEP). A critical aspect of this process is continual communication with your organization to ensure the success of the engagement. The duration of this engagement depends on the size and nature of your cloud computing efforts and project scope.