0333 358 2222

Understanding and implementing the 14 Cloud Security Principles – Part 9: secure user management

In our latest blog post covering the 14 Cloud Security Principles and the National Cyber Security Centre’s (NCSC) guidance on how to configure, deploy and use cloud services securely, it’s time to look at principle number 9: secure user management.

 

What is secure user management?

Secure user management refers to the organising and managing of the various the interfaces and procedures that form a key element of the security barrier around your cloud services. They are there to prevent unauthorised access and alteration of your company’s resources, applications and data.

 

In order to maintain a secure service, any user you want to allow ‘secure user management’ privileges to will need to be fully authenticated before they are able to carry out management activities, report faults or request any changes you, or they as instructed, may wish to make to the service. 

 

This may be done via a web portal or phone or email and it is imperative that your service provider ensures any management request is performed over a secure and authenticated channel. If not, imposters may be able to execute privileged actions and challenge the security of the service itself and business data.

 

Goals

In relation to secure user management there are two goals to achieve. “You should be confident that:

 

 

At the same time, you must also be aware that many cloud services are managed via web applications or APIs. Users must be adequately separated within such management interfaces as one user may be able to affect the service or even modify the data of another. Limiting permissions of individual users to just those who are absolutely necessary can help to limit any potential damage from malicious users or compromised devices and this can be achieved by implementing role-based access.

 

Goals

When looking at limiting permissions and role-based access, there are three goals to reach. “You should:

 

If you have any specific queries concerning secure user management or any of the other Cloud Security Principles we have discussed in previous posts, feel free to contact us – we’ll be more than happy to help.

Next up: Identity and authentication

 

Speak to the experts

Call our team and you'll speak to someone who really understands our products and can give you an estimated quote, no hassle, no obligation.

0333 358 2222