Cloud Security Principles

Systems used for the administration of a cloud service will have highly privileged access to that service. Their compromise would have significant impact, including the means to bypass security controls and steal or manipulate large volumes of data.

NCSC - Secure Service Administration

Our service administration is based upon a model that uses dedicated devices for multiple community service administration. We use this model as we have clients in both the public and private sectors.

In addition we implement the following:

• GOSS administrators have individual accounts to access cloud administration portals
• Two-factor authentication is required for login
• Different levels of access is given to administration networks
• Only designated technicians have access