In order to protect an individual organization's data from unauthorized access or disclosure to other parties, data should be segmented by organization. A simple example of such segmentation is a separate database instance for each organization.
Data that is commingled with other organizations' data is more likely to be disclosed. Such a disclosure could result from a technical flaw (for example, a query that fails to filter by organization), from a compromise of part of the shared system, or from the data being swept up in a legal order that targets another organization's data.
Generally, organizations look for their data to be kept in separate database instances, in separate cloud object storage buckets, on separate virtual volumes, or isolated by any other means that keeps one organization's data apart from every other organization's.
At a minimum, some organizations, depending on the nature of the information, may accept a shared store in which every record is labeled with the organization it belongs to and mandatory access controls, enforced by the platform rather than by each application, prevent one organization from accessing another's records. Note that for this to be acceptable, procedures for handling legal holds, e-discovery, and subpoenas must be well established and documented, so that a request concerning one organization does not result in another organization's data being produced.
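The difference between a commingled store and a per-organization instance is easiest to see with a concrete query. The following is an added example written for this page, not code from the original document: it builds two SQLite layouts from constructed sample rows (two tenants, "acme" and "globex", with made-up email addresses), runs a report that forgets the tenant filter against each, and includes the isolation check a reviewer would run before accepting a shared-schema design. The table and function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data for two tenants (not from any real system).
SAMPLE_ROWS = [
    ("acme", "alice@acme.example", "ACME contract #1"),
    ("acme", "bob@acme.example", "ACME contract #2"),
    ("globex", "carol@globex.example", "Globex NDA"),
]


def shared_store():
    """Commingled model: one database, every row tagged with its org_id."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (org_id TEXT NOT NULL, email TEXT, note TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def report_leaky(conn, org_id):
    """The 'technical flaw' case: a report that forgets the tenant filter.
    org_id is accepted but never used, so every tenant's rows come back."""
    cur = conn.execute("SELECT email FROM customer ORDER BY email")
    return [row[0] for row in cur]


class TenantScopedRepo:
    """Commingled model done carefully: the org_id is fixed at construction
    and bound into every query, so a caller cannot omit the filter."""

    def __init__(self, conn, org_id):
        self._conn = conn
        self._org_id = org_id

    def emails(self):
        cur = self._conn.execute(
            "SELECT email FROM customer WHERE org_id = ? ORDER BY email",
            (self._org_id,))
        return [row[0] for row in cur]


def per_tenant_stores():
    """Segregated model: a separate database instance per organization.
    The connection itself scopes the data, so there is no filter to forget."""
    stores = {}
    for org_id, email, note in SAMPLE_ROWS:
        if org_id not in stores:
            conn = sqlite3.connect(":memory:")
            conn.execute("CREATE TABLE customer (email TEXT, note TEXT)")
            stores[org_id] = conn
        stores[org_id].execute("INSERT INTO customer VALUES (?, ?)", (email, note))
    return stores


def report_on_instance(conn):
    """The same unfiltered report, run against one tenant's own instance."""
    cur = conn.execute("SELECT email FROM customer ORDER BY email")
    return [row[0] for row in cur]


def isolation_check(fetch_emails, orgs):
    """Practitioner check: no org's result set may contain another org's rows.
    fetch_emails(org_id) -> list of emails; returns the list of violations."""
    owner = {email: org for org, email, _ in SAMPLE_ROWS}
    return [(org, email) for org in orgs
            for email in fetch_emails(org) if owner[email] != org]


if __name__ == "__main__":
    shared = shared_store()
    orgs = ["acme", "globex"]
    print("leaky report for acme:", report_leaky(shared, "acme"))
    print("scoped repo for acme:", TenantScopedRepo(shared, "acme").emails())
    stores = per_tenant_stores()
    print("acme instance:", report_on_instance(stores["acme"]))
    print("violations (leaky):", isolation_check(lambda o: report_leaky(shared, o), orgs))
    print("violations (per-instance):",
          isolation_check(lambda o: report_on_instance(stores[o]), orgs))
```

The point of the check is that with a shared schema every query path has to be audited for the missing filter, whereas with a per-organization instance the identical unfiltered report cannot return another tenant's rows because they are not in the database the connection points at.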
A hardware security module (HSM) is a dedicated, tamper-resistant device, available as a network-attached appliance, a PCIe card, or a cloud-hosted service, that generates, stores, and uses cryptographic keys on behalf of applications. Applications reach it through standard interfaces such as PKCS#11, and the HSM authenticates each request. The key material itself never leaves the device in plaintext: the cryptographic operation is performed inside the HSM and only the result is returned, and keys are exported only in wrapped form, for backup or replication to another HSM. The hardware is both tamper-resistant and tamper-responsive, so that if it detects a physical attack it zeroizes the keys before the attack can succeed.
An HSM provides the highest level of protection available for cryptographic keys. If those keys were compromised, many other security controls would be negated, since with the keys an attacker could decrypt all of the data that encryption protects. Organizations therefore want their keys protected to the highest level possible.
They expect an HSM to be used to protect the cryptographic keys in the environment, and they expect it to be deployed in a high-availability configuration (at least two units with keys replicated between them) so that the hardware failure of one HSM does not cause loss of the keys, and therefore of access to their data. The HSM must be configured to meet the applicable encryption standards (for example, FIPS 140-2 or 140-3 validation) and to accept requests only from authenticated hosts that require use of the keys.
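The three properties above (operations performed inside the device with only a key handle exposed to the application, a high-availability group that survives the loss of one unit, and use restricted to authorized hosts) can be made concrete in code. The following is an added example written for this page, not code from the original document or from any HSM vendor: it is an in-process Python model of the contract an HSM offers, not a driver for a real device (a real deployment goes through PKCS#11 or a vendor client library). The class names, host identifiers, key label and message bytes are assumptions made for the illustration, and key generation and replication are modelled in software where a real unit would do both in hardware.

```python
import hashlib
import hmac
import secrets


class HsmError(Exception):
    """Base class for the model's refusals."""


class KeyNotExportable(HsmError):
    """Plaintext key export is never permitted."""


class HostNotAuthorized(HsmError):
    """Caller is not on the unit's list of hosts permitted to use keys."""


class HsmUnavailable(HsmError):
    """Unit is offline (the hardware failure in the scenario below)."""


class ModelHsm:
    """In-process model of one HSM unit (not a driver for any real product).
    Key bytes never cross the method boundary: callers get labels and results."""

    def __init__(self, name):
        self.name = name
        self.online = True
        self._keys = {}              # label -> secret bytes, kept inside the unit
        self._allowed_hosts = set()  # hosts permitted to use keys on this unit

    def authorize_host(self, host):
        self._allowed_hosts.add(host)

    def _check(self, host):
        if not self.online:
            raise HsmUnavailable(self.name)
        if host not in self._allowed_hosts:
            raise HostNotAuthorized(f"{host} may not use {self.name}")

    def generate_key(self, host, label, nbytes=32):
        """Generate an HMAC key inside the unit and hand back only its label."""
        self._check(host)
        self._keys[label] = secrets.token_bytes(nbytes)
        return label

    def replicate_to(self, peer, label):
        """HA replication: unit-to-unit copy, modelling the protected channel
        real HSMs use to clone keys between members. Not exposed to applications."""
        peer._keys[label] = self._keys[label]

    def sign(self, host, label, data):
        """The operation happens inside; only the MAC leaves the unit."""
        self._check(host)
        return hmac.new(self._keys[label], data, hashlib.sha256).digest()

    def export_key(self, host, label):
        self._check(host)
        raise KeyNotExportable(label)


class HaGroup:
    """Application-side view of an HA group: generate on one member, replicate
    to the others, and fail over to the next member when a unit is down."""

    def __init__(self, members):
        self.members = list(members)

    def generate_key(self, host, label):
        primary, *peers = self.members
        primary.generate_key(host, label)
        for peer in peers:
            primary.replicate_to(peer, label)
        return label

    def sign(self, host, label, data):
        # HostNotAuthorized is deliberately not caught: an access-control
        # refusal must never be retried against another unit.
        for unit in self.members:
            try:
                return unit.sign(host, label, data)
            except HsmUnavailable:
                continue  # hardware failure: try the next member
        raise HsmUnavailable("no member of the HA group is online")


def demo():
    """Scenario: two units, one authorized host, one unit fails mid-operation."""
    a, b = ModelHsm("hsm-a"), ModelHsm("hsm-b")
    for unit in (a, b):
        unit.authorize_host("app-01")
    group = HaGroup([a, b])
    group.generate_key("app-01", "session-mac")
    before = group.sign("app-01", "session-mac", b"constructed message")
    a.online = False  # simulate hardware failure of hsm-a
    after = group.sign("app-01", "session-mac", b"constructed message")
    results = {"same_mac_after_failover": before == after}
    try:
        b.export_key("app-01", "session-mac")
        results["export_refused"] = False
    except KeyNotExportable:
        results["export_refused"] = True
    try:
        group.sign("db-07", "session-mac", b"x")  # host not on the allow-list
        results["unauthorized_host_refused"] = False
    except HostNotAuthorized:
        results["unauthorized_host_refused"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

Two design choices carry over to a real deployment: the application is given a label and a client, never the key, so a compromise of the application host yields at most the ability to request operations while it remains authorized; and availability failures are retried across the group while authorization failures are not, so a misconfigured host cannot probe its way to a unit that happens to accept it.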