Defining security objectives
In order to protect your assets and data on the cloud, you will need to define an Information Security Management System (ISMS) and implement security policies and processes for your organization. While larger companies may already have well-defined security controls for their on-premise environments, start-up organizations may be starting from scratch. In all cases, however, your customers will demand to understand your security model and will require strong assurances before they use your cloud-based applications. In the case of SaaS or multi-tenanted applications especially, it can be extremely challenging to produce security-related documentation that meets the varying demands of your customers.
There are several information security standards available; for example, the ISO 27000 family of standards can help you define your ISMS. Selecting a control framework can help you cover all the bases and measure success against a set of well-defined metrics. Mapping...