Cloud Security Principle 13: Audit information for users

Serviceteam IT Security News

Goals

You should be:

  • aware of the audit information that will be provided to you, how and when it will be made available, the format of the data, and the retention period associated with it
  • confident that the audit information available will meet your needs for investigating misuse or incidents

Implementation – Audit information for users

Approach

Description

Guidance

None

The service provider does not offer audit information to users.

Failure to provide audit information can prevent you from identifying misuse of your service and data. 

You should consider whether the inability to determine how, when or where a service is accessed could result in legal or regulatory issues.

Data made available by negotiation

The service provider offers users limited audit information as a result of negotiation.

You should consider whether the audit data provided is adequate to support your needs. 

The provision of audit information does not in itself give you any protection. The information will require analysis to uncover evidence of compromise or misuse.

Data made available

The service provider makes specific audit data available to users. The timetable, method, format and retention period of the data is specified.

You should consider whether the audit data provided is adequate to support your needs. 

The provision of audit information does not in itself give you any protection. For this, the information will require analysis to uncover evidence of compromise or misuse.

Additional notes – Usability of audit data

Audit data is of limited value unless used as part of an effective monitoring regime. Good monitoring requires a thorough understanding of the expected service usage.

For IaaS and PaaS services, the service provider or a third party may offer value-add protective monitoring services for workloads you’ve deployed.  When considering these services, think about what support the service provider or third party would need to deliver an insightful service.

Consider whether you require audit records to be held to specific standards, or be suitable for specific circumstances (e.g. such as being legally admissible in a UK court).

< last principle   next principle >

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

/by
You might also like
Serviceteam IT Security News EUD Guidance: Windows 10 (1803) with Mobile Device Management
Serviceteam IT Security News CyberUK In Practice Track 1: Managing Threat
Serviceteam IT Security News Cloudflare Launches Publicly DNS-Over-HTTPS Service
Serviceteam IT Security News Man arrested in Malta in global operation to shut down cybercrime network targeting Australians
Serviceteam IT Security News KRACK Attack Devastates Wi-Fi Security
Serviceteam IT Security News PSNI data breach: 200 officers and staff not informed about theft for month