Cloud Security Principles

Your provider should make the tools available for you to securely manage your use of their service. Management interfaces and procedures are a vital part of the security barrier, preventing unauthorised access and alteration of your resources, applications and data.

NCSC - Secure User Management

The cloud security principles highlight two aspects of user management.

Authentication

You have complete control over the users who are able to access the management interfaces of your platform/solution. You can also perform audits of user permissions, view logs of user access, generate reports of user activity, and set password strength and complexity rules. Two factor authentication can also be enabled for website logins.

Access to the hosting infrastructure is restricted to a limited number of GOSS staff, as described elsewhere in this document.

Our support systems are secured and can only be accessed by approved users. Our support procedures are assessed as part of our ISO 27001 certification.

Separation and Access Control

User infrastructure is segregated using virtualised environments, eliminating any chance of others affecting your service management. Within the service you have the ability to manage user access and privileges - we provide training and documentation to assist you in setting this up. Penetration testing feeds into our regular security improvements.