Network & Systems delivering the cloud service
How does the authentication to access the network devices and operating system implemented? Does it use any two factor authentication?
About the availability of the network and security infrastructure? does it implement load balancing or high availability solutions for the critical infrastructure components like firewalls, IPS, reverse proxies etc…
Is the underlying cloud systems are secured? Do they have a baseline configuration implemented? How does the configuration managed? Does the cloud computing provider got a plan and/or policy to perform configuration management, patch management, anti-malware etc.
Does the network undergoes periodic penetration testing? Does it undergo internal vulnerability assessment periodically? How is it ensuring that a compromised client with privileged access to the operating system is separated internally?
Does it undergo periodic audits against standards like ISO27001, SAS70 etc?
How is the customer data separated from one another? What are the security controls implemented to ensure this separation?
What are the protection and response controls against the Denial of Service attacks?