Summary - X.1646 (05/2025) - Security threats to be identified in the domain of security as a service

Security as a service (SecaaS) is a cloud service category in which the capabilities provided to the cloud service customer are the integration of a suite of security services with the existing operating environment of the cloud service provider. During the development, delivery, use and support of SecaaS, there are security challenges. This Recommendation provides an overview of SecaaS and identifies security threats in the domain of SecaaS provided from public cloud with multi-tenant environments.
Recommendation ITU-T X.1646 followed the structure of security requirements for virtualized services defined in Technical Report ITU-T XSTR-XAASL, Framework for security standardization for virtualized services. Security threats in the domain of SecaaS are identified in the following areas: architecture, identity and access management, software isolation and application programming interface (API)-related issues, isolation of instances, data protection, availability, incident response, management, orchestration and deployment.