How do cloud service providers ensure security?
1. Cloud Service Providers (CSPs) must ensure that their Security Controls are designed and operated effectively enough to reasonably assure the five SOC 2 Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality and Privacy.
2. The CSP should apply isolation and segregation controls between tenants (separate compute, storage and network contexts) so that one tenant cannot access, or draw inferences about, another tenant's data or workload.
3. Security of the physical environment, following the Uptime Institute tier standards and other environmental controls (power, cooling, fire, physical access), is the responsibility of the CSP.
4. The Security Assertion Markup Language (SAML) should be used to exchange authentication and authorization assertions between an identity provider in one security domain and a service provider in another, over a secured (TLS-protected, authenticated) API or endpoint, rather than passing raw credentials between domains.
5. Adequate data control techniques must be harmonized and applied according to the data classification: data encryption, data masking, Data Rights Management, tokenization, data dispersion (bit-splitting), automatic data expiration, continuous audit monitoring, Data Loss Prevention, and Identity and Access Management.
6. Data redundancy and availability should be treated as a priority. Regular data recovery and restoration tests are paramount, because an untested backup is not a backup. Appropriate Business Continuity and Disaster Recovery plans must be in place and exercised.
7. The Shared Responsibility model between the CSP and the Cloud Service Customer (CSC) in each of the cloud service models is paramount. In IaaS the CSP is responsible for the security of the physical infrastructure, networks, servers and the underlying compute (RAM, CPU, storage), while the CSC is responsible for the operating system, runtime, applications, databases and data. In PaaS the CSP is additionally responsible for the operating system, runtime environment and database platform, while the CSC is responsible for the security of the applications and the data. In SaaS the CSP is responsible for everything listed under IaaS and PaaS as well as the application itself. In all three models the CSC remains ultimately responsible for the security of its data, while the CSP is responsible for the physical environment and the building blocks of cloud computing (RAM, storage, virtual network, servers, CPU).
The CSP should also ensure that the CSC is not locked into proprietary software or data formats when migrating data into the cloud. Data should be migrated in a well-structured, portable layout so that it can be moved again or returned to the customer.
8. The encryption key management technique is paramount and should be clearly understood at the application level, the database level and the file-system level: who generates the keys, where they are stored (ideally in a KMS or HSM separate from the data), who can use them, and how they are rotated and destroyed.
9. The CSP should leverage the CSA's Consensus Assessments Initiative Questionnaire (CAIQ), the Security, Trust, Assurance and Risk (STAR) registry and the Cloud Controls Matrix (CCM) to show that its cloud hosting processes align with the required regulations and controls, progressing through STAR Level 1 (self-assessment), Level 2 (third-party certification or attestation) and Level 3 (continuous auditing of the cloud hosting processes). Other standards such as ISO 31000 on risk management and ISO/IEC 27018 on protection of personal data in public clouds should be used when configuring and managing cloud personal-data privacy.
10. The CSP should ensure that its premises and processes have been audited through third-party attestations, obtaining a SOC 2 (Type II) report over its cloud processes and a SOC 3 report and seal for general distribution to customers.
Is there any need for a data deletion mechanism across multi-cloud environments to ensure data privacy?
Yes. In line with the data retention and expiration policy, the CSP should use crypto-shredding (crypto-erasure) when disposing of cloud data. Overwriting does not work well in the cloud: because storage is multi-tenant and abstracted, the tenant cannot control which physical blocks hold the data, and copies may exist in replicas, snapshots and backups that are never overwritten. Logical deletion is the weakest technique, since deleted data is usually only unlinked and can be recovered from the disk, from slack space or from a point-in-time backup. The most reliable way to dispose of cloud data and avoid any data remanence is crypto-shredding: encrypt the data under its own key and, on disposal, destroy the key, so that every remaining copy of the ciphertext becomes unrecoverable.
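The following is an added example (not part of the original answer) that ties item 8 (key management) to the crypto-shredding answer above: each object is encrypted under its own data-encryption key (DEK), DEKs are stored only wrapped under a key-encryption key (KEK) held by a key manager, and disposal destroys the DEK while the ciphertext copies stay on storage. The KeyManager and ObjectStore classes and the sample record are hypothetical constructs for illustration; because AES-GCM is not in the Python standard library, the cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, used as a stand-in so the example runs offline (in production use AES-GCM with keys in a KMS/HSM).

```python
"""Crypto-shredding with envelope encryption (added example; standard library only).

Disposal destroys the wrapped DEK. The ciphertext left on shared storage, and every
backup copy of it, is then unrecoverable, which overwriting cannot guarantee on
multi-tenant storage. Cipher assumption: HMAC-SHA256 counter mode + HMAC tag stands
in for AES-GCM, which is not in the standard library.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key, label):
    """Derive independent encryption and MAC keys from one 256-bit key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """PRF counter mode: block_i = HMAC(key, nonce || i), truncated to length."""
    out = bytearray()
    for i in range((length + 31) // 32):
        out += hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(key, plaintext):
    """Return nonce || ciphertext || tag (encrypt-then-MAC, fresh nonce per call)."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag in constant time before decrypting; reject tampered blobs."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyManager:
    """Hypothetical KMS: holds the KEK and a table of wrapped DEKs, never raw DEKs."""

    def __init__(self):
        self._kek = secrets.token_bytes(32)
        self._wrapped = {}

    def new_dek(self, object_id):
        dek = secrets.token_bytes(32)
        self._wrapped[object_id] = seal(self._kek, dek)  # stored wrapped under the KEK
        return dek

    def unwrap(self, object_id):
        if object_id not in self._wrapped:
            raise KeyError(f"DEK for {object_id} has been shredded or never existed")
        return unseal(self._kek, self._wrapped[object_id])

    def shred(self, object_id):
        """Crypto-shred: the only copy of the DEK is removed; ciphertext is untouched."""
        self._wrapped.pop(object_id, None)


class ObjectStore:
    """Hypothetical replicated cloud storage: every write also lands in a backup copy
    that the tenant cannot scrub, modelling snapshots and replicas."""

    def __init__(self):
        self.blobs = {}
        self.backups = []

    def put(self, km, object_id, data):
        blob = seal(km.new_dek(object_id), data)
        self.blobs[object_id] = blob
        self.backups.append(blob)

    def get(self, km, object_id):
        return unseal(km.unwrap(object_id), self.blobs[object_id])

    def dispose(self, km, object_id):
        km.shred(object_id)  # no overwrite attempted; copies are left where they are


def demo():
    """Store one constructed record, shred it, and report what is left recoverable."""
    km, store = KeyManager(), ObjectStore()
    record = b"tenant-42|ssn=000-00-0000|card=4111111111111111"  # constructed sample
    store.put(km, "rec-1", record)
    roundtrip_ok = store.get(km, "rec-1") == record
    store.dispose(km, "rec-1")
    try:
        store.get(km, "rec-1")
        readable_after_shred = True
    except KeyError:
        readable_after_shred = False
    return {
        "roundtrip_ok": roundtrip_ok,
        "readable_after_shred": readable_after_shred,
        "copies_left_behind": len(store.backups),
        "plaintext_in_backups": any(b"ssn=" in b for b in store.backups),
    }
```

The point the demo makes is the one the answer above makes in prose: after `dispose`, the backup copy is still present on storage, yet it contains no plaintext and there is no longer any key that can open it, so no overwrite of the physical media is needed. The same structure also answers the key-management question in item 8: the application holds DEKs only transiently, the database or object store holds only ciphertext, and the KEK never leaves the key manager.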
I hope the above helps, both in your job as a Cloud Data Security Expert and in preparing for the CCSP exam. All the best.