Cloud Security Principles

All external or less trusted interfaces of the service should be identified and appropriately defended.

NCSC - External Interface Protection

Due to the nature of the services we deliver, they will have public interfaces available over the internet (eg your website). We enforce HTTPS across all sites, and as a GOSS hosted client we provide an appropriate certificate which uses SHA-2.

Interfaces exposed to a third party for integration purposes should use a site to site VPN connection for the transfer of data. Our IPSec endpoints support all profiles listed in the NCSC guidance.