
Physical Security

The cloud service provider must enforce physical security as per the ISO 27001 controls, which must be implemented and followed in a professional manner. The detailed control mapping is given in Annex A.

In a cloud environment, individual entity environments should be physically and administratively separate from each other.

Customers utilizing a public or otherwise shared cloud must ensure that their environments are adequately isolated from the other cloud tenants.

In addition to enforcing separation between Customer environments, segmentation may also be recommended within a Customer’s environment to isolate its sensitive servers as per ISO 27001 and Cloud Security Alliance standards.

Segmentation on a cloud computing infrastructure must provide a level of isolation equivalent to that feasible through physical network separation.

Proper mechanisms and processes should be in place to ensure appropriate isolation, which may be required at the network, operating system and application layers; most importantly, there should be guaranteed isolation of stored data.

Cloud tenant environments must be isolated from each other such that they can be considered separately managed entities with no connectivity between them.

Providers should test segmentation between all entities within their control at least biannually and demonstrate results.

Any systems or components shared by the Customers in multi-tenant environments, including the hypervisor and underlying systems, must not provide an access path between environments.

The cloud service provider needs to take ownership of the segmentation between Customers and verify that it is effective and provides adequate isolation between individual Customer environments.

The cloud service provider must ensure the segmentation between customer environments and the Provider’s own environment, and between client environments and other untrusted environments.

The Customer is responsible for the proper configuration of any segmentation controls implemented within its own environment and for ensuring that effective isolation is maintained components.

Cloud services involve physical resources located within the Provider environment (including DR Infrastructure) that are accessed remotely from the Customer’s environment.

Physical security controls need to be implemented which will protect the provider’s infrastructure as well as the customer infrastructure.

The cloud service provider ensures segmentation where its shared clouds provide services to multiple Customers whose data and virtual components co-exist in the same physical location and are managed by the same physical systems as those of other Customers.