0333 358 2222

Understanding and implementing the 14 Cloud Security Principles – Part 6: personnel security

In our latest blog post covering the 14 Cloud Security Principles and the National Cyber Security Centre’s (NCSC) guidance on how to configure, deploy and use cloud services securely, it’s time to look at principle number 6: personnel security.

What is personnel security?

Personnel security is a combination of policies and procedures that aim to mitigate the risk of individuals exploiting their legitimate access to a business’s assets for unauthorised purposes.

In this specific area, the ‘individuals’ referred to are the personnel employed by your service provider. Some of these personnel will have access to your company’s data and systems, so you need a high degree of confidence that they are trustworthy. High-level screening and regular security training can reduce the possibility of an accidental or malicious compromise by service provider personnel. As such, all providers should make it very clear how they screen and manage personnel within privileged roles.

Goals

In relation to personnel security there are two specific goals. “You should be confident that:

• the level of security screening conducted on service provider staff with access to your information, or with ability to affect your service, is appropriate

• the minimum number of people necessary have access to your information or could affect your service”

The next step, after reading this blog post, is to contact your service provider and ask them how they screen their personnel and what types of security training they provide. If your service provider is unable to answer these questions, or is unwilling to offer you any answers, we recommend reviewing your contract!

If you have any specific queries concerning personnel security or any of the other Cloud Security Principles we have explored so far on our blog, please feel free to contact a member of the team here at etiCloud – we’ll be very happy to help in any way we can.

Next up: Secure development

 
