Classical attack scenarios are not the only ones relevant to cloud servers. Cloud environments also have specific characteristics, such as several users sharing a common IT infrastructure, and as a result systems in the cloud are often particularly exposed.
To keep cloud-specific risks to a minimum, Swisscom recommends tackling ICT security comprehensively: examining all possible sources of danger and introducing protective measures in a structured way. This includes both technical and organisational measures, covering security aspects such as the following:
- Secure connection to the cloud
- Secure communication within the cloud and to other cloud services
- Identity and Access Management (IAM): Managing identities with roles, rights and access controls
- Auditing and logging
- Security and vulnerability management
- Requirements management and compliance