ACSC - Cloud Computing Security for Cloud Service Providers
This document is designed to assist assessors validating the security posture of a cloud service in order to provide organisations with independent assurance of security claims made by Cloud Service Providers (CSPs). This document can also assist CSPs to offer secure cloud services.
An organisation’s cyber security team, cloud architects and business representatives should refer to the companion document Cloud Computing Security for Tenants.
Cloud computing, as defined by the U.S. National Institute of Standards and Technology, offers organisations potential benefits such as improved business outcomes. Mitigating the risks associated with using cloud services is a responsibility shared between the organisation (referred to as the ‘tenant’) and the Cloud Service Provider, including their subcontractors (referred to as the ‘CSP’). However, organisations are ultimately responsible for protecting their data and ensuring its confidentiality, integrity and availability.
Organisations need to perform a risk assessment and implement associated mitigations before using cloud services. Risks vary depending on factors such as the sensitivity and criticality of data to be stored or processed, how the cloud service is implemented and managed, how the organisation intends to use the cloud service, and challenges associated with the organisation performing timely incident detection and response. Organisations need to compare these risks against an objective risk assessment of using in-house computer systems which might be poorly secured, have inadequate availability or be unable to meet modern business requirements.
Our ACSC outsourcing guidance offers specific mappings to each requirement and how Atlassian Cloud Enterprise assists you in meeting your obligations, including information on audit rights, the right to issue instructions, data security, termination, and chain outsourcing. To learn more about our commitment to safeguard customer data, visit our Security Practices page.
For more information, contact us.
Relevant products
Project and issue tracking
Jira Software
enterprise agile planning
Jira Align
high-velocity itsm
Jira Service Management
document collaboration
Confluence Cloud
Git code management
Bitbucket Cloud
VISUAL COLLABORATION
Trello
modern incident response
Opsgenie
incident communication
Statuspage
help desk service management
Halp
Our team is here to help
Have more questions about our compliance program?
Do you have cloud certifications? Can you complete my security & risk questionnaire? Where can I download more information?
Trust & security community
Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.
Atlassian support
Reach out to one of our highly-trained support engineers to get answers to your questions.