04_Enterprise-Monitoring-Accounts.md

Enterprise Monitoring Accounts

(Back)

Objective

Create role-based account to enable enterprise monitoring and visibility

Applicable Service Models

IaaS, PaaS, SaaS

Mandatory Requirements

Activity	Validation
Create role-based accounts to enable enterprise monitoring and visibility for cloud environments that are procured via the GC Cloud Broker or are included in the scope of centralized guardrails validation.	Verify that roles required to enable visibility in the GC have been provisioned or assigned.
Review access privileges periodically and remove access when it is no longer required.	CConfirm that alerts to authorized personnel have been implemented to flag misuse, suspicious sign-in attempts, or when changes are made to privileged and non-privileged accounts.

Additional Considerations

None

References

• Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) 2017-01, subsection 6.2.3
• Cyber Centre’s top 10 IT security actions, number 2
• IT Security Risk Management: A Lifecycle Approach (ITSG-33), Annex 3A: Security Control Catalogue, AC-3(7)

Related security controls from ITSG-33

AC-3(7), AC-6(5), IA-2(1)