Documentation
What is TrustOnCloud?
TrustOnCloud is a subscription-based knowledge base, covering the Security in all major Cloud Providers. TrustOnCloud is updated as new services and features are released, it is regularly by the various industry experts from our Customers, and it applies a consistent traceable risk-based methodology across all Cloud Providers.
Getting Started
The first step is simply to send us an email to chatbot@trustoncloud.com. We use emails, because we want to be able to deliver knowledge whenever you need it: Emails do not need set up, and we can help you anytime and anywhere.
Chatbot Keywords
To interact with the Chatbot, you can use the following keywords:
ThreatModel + Any Cloud Services
We will detect any common Cloud services variation (e.g. "S3", "Simple Storage Services", "Amazon S3", etc.) and start the purchase process for the ThreatModel of this service.
Account
We will trigger our interactive chat (by email) for you to be able add/modify/delete your Account Information.
Purchase process
Once we identified the initial request correctly, we will send you an email to the email registered in your TrustOnCloud Account to review the details that we understood from the request. You can then acknowledge the purchase by replying back by email with a “Yes”, “Agree”, or “Agreed”. We may follow up on our emails, if we don’t hear back from you.
We will trigger the creation of an TrustOnCloud account, before any purchase. The creation of the Account needs to be completed in order to be able to purchase or use TrustOnCloud services.
Professional Services Offerings
TrustOnCloud Professional Services provides training, expert help, and advice services for the TrustOnCloud ThreatModels. Standard Professional Services may be purchased through an Order and delivered according to the descriptions set forth herein. Non-standard Professional services may be customized and contracted through a Statement of Work (SOW).
Threat modeling and control review of your Cloud environment
TrustOnCloud will assess and analyze your AWS, Google Cloud, and/or Azure environment for relevant threats. TrustOnCloud will review cloud infrastructure architecture, development standards, and adherence to ThreatModel controls.
The threat modeling and control review will be delivered remotely and will result in a threat modeling report.
The scope of the threat modeling and control review will include the following:
- Customer expectations: TrustOnCloud will engage you to determine security expectations and potential risks from the cloud environment.
- Information gathering: TrustOnCloud will gather information via interview, workshop, and documentation.
- Analysis: TrustOnCloud will analyze and compile a threat model report, including revisions from feedback
- Read-out of the Threat model Report: We will review with your key stakeholders to discuss top threats and security recommendations from the report.
Write Standard Operating Procedures for your Cloud controls
TrustOnCloud will write Standard Operating Procedures (SOPs) related to implement security controls from AWS, Google Cloud, and/or Azure, including detailed steps (e.g. Console screenshots).
The SOPs will be delivered remotely and will result in one SOP document per Services from the Cloud Provider (as DOCX).
The scope of the SOPs writing will include the following:
- Customer expectations: TrustOnCloud will engage you to determine the list of purpose-oriented required procedure, the level of controls required by your risk appetite.
- Deliver SOPs: We will write in your template the SOP related to the Cloud Service, including relevant ThreatModel controls, their implementation details, and any of your required information (e.g. screenshots)
Terms for Professional Services Offerings
Professional Services are subject to the applicable Agreement and the Order or SOW between you and TrustOnCloud, and the payment of all applicable fees. You acknowledge that TrustOnCloud’s ability to perform the Professional Services depends upon your fulfilment of the following obligations and project assumptions.
Customer Responsibilities
You shall:
- Provide overall management and business ownership with respect to the Professional Services
- Manage relationships with any third parties
- Promptly provide to TrustOnCloud any applicable documentation of existing requirements, designs, and constraints, as required to provide TrustOnCloud with the insight needed to support the provision of Professional Services
- Provide office space, phones, facilities, network connectivity, and computer systems for onsite TrustOnCloud personnel
- Provide timely access to key stakeholders, subject matter experts, and project team members for approvals, decisions, or other actions in connection with the performance of TrustOnCloud’s obligations under the SOW
- Obtain any TrustOnCloud subscriptions, consents, and/or third-party licenses required to support the Professional Services
- Pre-install all required software and hardware prior to the commencement of any Professional Services
- If applicable, you will make all Cloud configurations and logs available in electronic form and on the schedule required by TrustOnCloud to complete the Professional Services in a timely fashion
TrustOnCloud will provide the Professional Services described only if purchased by you, as indicated in the Order or SOW.
Last update: December 7, 2021