Cloud Security Principle 12: Secure service administration

Created:  22 Sep 2016
Updated:  22 Sep 2016
Systems used for administration of a cloud service will have highly privileged access to that service. Their compromise would have significant impact, including the means to bypass security controls and steal or manipulate large volumes of data.

The design, implementation and management of administration systems should follow enterprise good practice, whilst recognising their high value to attackers.


You should: 

  • understand which service administration model is being used by the service provider to manage the service
  • be content with any risks the service administration model in use brings to your data or use of the service

Implementation - Secure service administration

This table references our guidance on the five basic systems administration models 




Unknown service management architecture

The service provider has not disclosed this information.

In this case it would be prudent to assume that the risks associated with the Direct service administration approachare present.

Known service management architecture

The service provider has identified which systems administration model is used to administer the service.

To understand the risks associated with different systems administration models see the corresponding row in our guide.

The level of assurance you have that the service provider’s assertions are correct can vary. You can obtain independent assurance from a suitably qualified security architect.


The service provider may believe that their systems administration approach is not covered by one of the models described in our guide.

In this case it will be for you to make your own assessment about the risks associated with the service provider's administration approach.

Additional notes – Protecting administration devices

An important aspect of securing privileged administration interfaces is the security of the end user devices used for administration. It is important for you, as well as the service provider, to ensure that devices used for particularly privileged activities as well protected. For example, they should not be used for directly browsing the web or reading email, as these are high risk activities for someone to perform from a device used for administration.


< last principle   next principle >

Was this guidance helpful?

We need your feedback to improve this content.

Yes No