Cloud Security
Using public cloud owned and managed by TechM, for internal
or external projects must follow security guidance from Cloud
Service Provider (CSP) as well as TechM Policy and guidelines.
In case where Client owns or manages the Cloud, Client
specific security controls must be implemented. Accessing Public
Cloud from TechM or Client network, must abide to security and
regulatory requirements. Using Private cloud also must implement
security controls, though the risk could lower that using Public
Cloud. Provisioning and deprovisioning of Cloud environments must
ensure security.
All Cloud environments are periodically security and risk
assessed and audited for security.
Please refer Policy for Cloud
Deployments
Security
Policy for Cloud Deployments (ISG-PO042)
For internal Projects use TIM Provisioned Cloud account or
subscription
Follow below process while using the Public Cloud Environment
for Internal Use (For Cloud computing solutions and services used
only for TechM or for developing TechM intellectual property (IP)
and are not part of any commercial Client agreement)
Provisioning workflow
Step:1
Fill below mentioned worksheets, available on BMS
| Cloud |
Pre Reqiesist |
| AWS |
TIM-AWS Account Provisioning Details (ISG-TP047) sheet |
| Azure |
TIM-Azure Account Provisioning Details (ISG-TP045) sheet |
| Google |
TIM_GCP Account Provisioning Details (ISG-TP062) sheet |
| IBM Cloud |
TIM_IBM Account Provisioning Details (ISG-TP056) sheet |
| Oracle Cloud |
TIM_Oracle Account Provisioning Details (ISG-TP063) sheet |
|
|
Step:2 Obtain approval from
Project owner (IBG Head) for the estimated cost of the cloud
resources
Step:3 Raise request in HUB
as below (Category for different cloud providers)
| Cloud |
Provisioning |
| AWS |
HUB --> ISG --> AWS Account --> C-102 - AWS Account
Provisioning-ICS |
| Azure |
HUB --> ISG --> AWS Account --> C-106 - Azure Account
Provisioning-ICS |
| Google |
HUB --> ISG --> AWS Account --> C-110 - GCP Account
Provisioning-ICS |
| IBM Cloud |
HUB --> ISG --> AWS Account --> C-114 - IBM Account
Provisioning-ICS |
| Oracle Cloud |
HUB --> ISG --> AWS Account --> C-118 - Oracle Account
Provisioning-ICS |
Deprovisioning workflow
Step:1
Fill below mentioned worksheets, available on BMS
| Cloud |
Pre Reqiesist |
| AWS |
ICS_AWS Account De-Provisioning Details (ISG-TP052) sheet |
| Azure |
TIM-Azure Account Provisioning Details (ISG-TP045) sheet |
| Google |
ICS_GCP Account De-Provisioning Details (ISG-TP057) sheet |
| IBM Cloud |
ICS_IBM Account De-Provisioning Details (ISG-TP053) sheet |
| Oracle Cloud |
ICS_Oracle Account De-Provisioning Details (ISG-TP060)
sheet |
Step:2 Raise request in HUB
as below (Category for different cloud providers)
| Cloud |
De-Provisioning |
| AWS |
HUB --> ISG --> AWS Account --> C-104-AWS Account
De-Provisioning ICS |
| Azure |
HUB --> ISG --> AWS Account --> C-108 -Azure Account
De-Provisioning-ICS |
| Google |
HUB --> ISG --> AWS Account --> C-112 -GCP Account
De-Provisioning-ICS |
| IBM Cloud |
HUB --> ISG --> AWS Account --> C-116 -IBM Account
De-Provisioning-ICS |
| Oracle Cloud |
HUB --> ISG --> AWS Account --> C-120 -Oracle Account
De-Provisioning-ICS |
Step:3
For any exception for accessing or using the Cloud
environment raise request in HUB as below (Category for different
cloud providers)
| Cloud |
Exception |
| AWS |
HUB --> ISG --> AWS Account --> C-126-130 AWS Cloud Access Exception |
| Azure |
HUB --> ISG --> AWS Account --> C-131-135 Azure Cloud Access Exception |
| Google |
HUB --> ISG --> AWS Account --> C-146 - 150 Google Cloud Access Exception |
| IBM Cloud |
HUB --> ISG --> AWS Account --> C-156 - 160 IBM Cloud Access Exception |
| Oracle Cloud |
HUB --> ISG --> AWS Account --> C-166 -170 Oracle Cloud Access Exception |