Cloud security principles – separation between users

Posted on 29 August 2017

In our ongoing series of blog posts looking at the 14 National Cyber Security Centre’s Cloud Security Principles, we will be looking at the separation between users. This is where a malicious or compromised user is able to affect the service or data of another user.

The key factors that you need to understand are:

  • The types of user you share the service or platform with
  • You have confidence that the service provides sufficient separation of your data and service from other users of the service
  • You have confidence that management of your service is kept separate from other users

Who are you sharing the service with?

The degree of confidence you need to establish in the user separation measures employed in a cloud service will depend on your intended use, and the deployment model of the service.

  • Private cloud services – because a single organisation should have a good understanding of all its uses for the cloud environment you may be comfortable with only having quite limited assurance in the separation of the service.
  • Community cloud services – Where you trust the community, and its members are known to practice a good level of hygiene (perhaps even bound by a code of conduct), evidence that well scoped penetration tests are regularly conducted may give you sufficient confidence in the separation provided.
  • Public cloud services – You should consider the strength of separation required, given that other consumers of the service may be actively hostile towards you. If a higher level of confidence is needed, in addition to penetration testing, it may be desirable to gain assurance in the design of the service and the engineering practices of the service provider.

There are a number of ways you can ensure separation between users and maintain your security.


With virtualisation technologies compute separation is provided by a hypervisor. Network and storage virtualisation techniques can also be employed. Most of the commercially available virtualisation technologies are likely to provide stronger separation than other software controls (see below).

Some virtualisation products have been assessed against well-defined security standards, such as the Certified Product Assurance scheme

Other software controls

With his method operating systems, Web servers or other applications, provide the necessary separation between users of the service. However, with this method the attack surface available to a rogue user is much greater. Software vulnerabilities or mis-configuration issues could lead to breaches.

For this method you should look to gain confidence in the implementation of separation controls by looking for evidence of:

  • Regular penetration tests of infrastructure and any relevant Web applications
  • Security reviews of the design of the service
  • An engineering approach that ensures security is a key consideration in developing the service

To read more about the Cloud Security Principles – go here

Or, if you would like to talk about your cloud security and how we can help, please contact us.

A few people we've already done it for