Procure Secure - A guide to monitoring of security service levels in cloud contracts
This paper has been produced by ENISA and represents a practical guide to monitor the security of a cloud service on an on-going basis.
Despite being aimed to the procurement and governance of cloud services in a public sector perspective, much of the study is also applicable to private sector procurement. The goal is to give guidance to customers on continuous monitoring of security service levels and governance of outsourced cloud services. This is achieved through the reporting and alerting of key measurable parameters, as well as a clear understanding of how to manage the customer’s own responsibilities for security.
The main recipients of this paper are teams responsible for setting procurement requirements (such as IT officers, IT security officers, public service managers) but it is also useful to C-level executives and legal departments, to gain an understanding of the customer-side security aspects of cloud or other outsourced IT services.
Download the paper here.