When offering cloud services, the cloud service customer’s virtual environment should be separated and protected from other customers and unauthorized persons.
To ensure this, the organisation should enforce appropriate logical segregation of cloud service customer data, virtualized applications, operating systems, storage, and network.
Segregation should also ensure the separation of the cloud service provider's internal administration from resources used by cloud service customers.