Availability of audit information to consumers

e-Security | Vol: 36-12014 © CyberSecurity Malaysia 2014 - All Rights Reserved 66

strict authentication and authorisation processes. Nobody should be exempted from this requirement so that there is less chance for unauthorised individuals to do something harmful and also to ensure that actions taken by authorised individuals can later be traced back to them for accountability purposes.

8. Operational Security

The cloud service provider should have well-defined processes and procedures in place to ensure the operational security of the service. These processes and procedures are important so that everybody is aware of them and can do their work properly during normal operating conditions as well as during security disasters.

9. Personnel security

The consumer should make sure that the cloud service provider performs adequate security screening of its personnel and ensures that those personnel undergo the correct security training for their role in the cloud provider’s organisation.

10. Secure development of services

Consumers should evaluate and decide whether the cloud service provider implements secure development practices. One way this can be verified is to insist on the latest vulnerability and security assessment reports of the services that the consumer is interested in. This can help to show whether the cloud service provider consistently identifies and mitigates threats to the security of the service.

Conclusion

Security is the responsibility of both the consumer and the cloud service provider. This article has attempted to describe some of the security principles that both the consumer and the provider should be concerned with. There are additional security principles that will add extra layers of confidence if they are implemented by the provider, but the principles described above should be a good starting point in the right direction for the consumer.