Application Security Checklist Points for IaaS, PaaS, SaaS

18. Cloud Security

IaaS | PaaS | SaaS
Trusted virtual machine images Consideration
Compliance to standards  Multi-factor Authentication
Application security scanning | Encryption of logs | Endpoint security measures; antivirus & IPS
Host-based intrusion detection/prevention | Proper key and log management | Login history & reports from SaaS vendors
Mechanism to block and filter traffic based on IP and ports | User authentication | Security policy for data in transit
Key management | Account management | Security policy for data at rest
Data is secured in transmission using SSL (HTTPS) or mutual SSL. | Application vulnerability scanning | Security policy for data in use
Log & event management | Endpoint security measures; antivirus & IPS | Data is secured in transmission using SSL (HTTPS) or mutual SSL.
Evaluation of threat/security/trust model | Application layer logging frameworks | Application layer logging frameworks
Certification - SAS 70 II, ISO 2700X | Data is secured in transmission using SSL (HTTPS) or mutual SSL. | Compliance to standards
Application firewall Platform independence
At the back end, data is protected with database encryption and role-based access control.
