Hello experts:
I have been assigned to project TPRM. The scenarios are as below:
Scenario 1: We have outsourced our applications hosting to third party. The TP will host the application on their cloud. The application is managed by us. But OS, Database and Infra managed by TP.
Query:
1. As TPRM assessor, what high level points that I need to focus? And how this will be different than On Prem hosted application?
2. Can we consider this as PAAS?
Scenario 2: We have completely outsourced the Application hosts as SAAS to TP. Means App, OS, Database and Infra managed by TP.
Query:
1. As TPRM assessor, what high level points that I need to focus? How my TPRM approach will differ here from Scenario 1?
2. What special consideration, I need to consider for Data assuming it is GDPR scoped data.
Scenario 3: Assume we are only opting IAAS to host our app. Means only Infra is managed by TP. And App, DB, OS is managed by us.
Query:
1. As TPRM assessor, what high level points that I need to focus?
**Assume that TP is vendor who may use any cloud e. g. Azure / AWS …..
------------------------------
Kaustubh Ponkshe
Associate Security Consultant
Tech Mahindra
------------------------------