Cloud Application Security Requirements

The cloud security baseline is based on prevailing cloud security guidance documentation.

Cloud application security requirements.

Due diligence must be performed across the lifecycle of applications and systems being deployed to the cloud including planning development and deployment. Microsoft cloud app security is a cloud access security broker that supports various deployment modes including log collection api connectors and reverse proxy. In some instances this is where data is most vulnerable. Your organization must have a license to use cloud app security.

This site provides a knowledge base for cloud computing security authorization processes and security requirements for use by dod and non dod cloud service providers csps as well as dod components their application system owners operators and information owners using cloud service offerings csos. Cloud consumers must fully understand their networks and applications to determine how to provide functionality resilience and security for cloud deployed applications and systems. For pricing details see the cloud app security licensing datasheet. Cloud security recommendations affirmations and observations as determined by the department of homeland security s network security deployment organization s govcar efforts and how they link to other elements of the baseline.

To define cloud application security requirements with regard to your data you need to focus in three areas. Microsoft cloud app security is a multimode cloud access security broker casb. Ensure cloud networks and connections are secure 8. After you have a license for cloud app security you ll receive an email with activation information and a link to the cloud app security portal.

For tenant activation support see ways to contact support for business products admin help. Understand the security requirements of the exit process. That includes physical network application and data level security as well as full back up and disaster recovery. Encryption in flight or the need to secure data as it flows from system to system.

This includes data that exists. Encryption at rest or data as it sits in a storage subsystem. Evaluate security controls on physical infrastructure and facilities 9. It provides rich visibility control over data travel and sophisticated analytics to identify and combat cyberthreats across all your cloud services.

Microsoft cloud app security natively integrates with leading. A cloud application provider should be able to offer world class security and data privacy better than its customers can do on their own and at no additional cost. The novelty of the language lies in the integration of concepts from cloud computing with concepts from security and goal oriented requirements engineering to elicit model and analyse security.