Page 1000 - Cloud computing: From paradigm to operation
7 Security
1 Scope
This Recommendation describes data security requirements for the monitoring service of cloud computing.
The Recommendation analyses data security threats and challenges associated with the monitoring service
in a cloud computing environment, and describes data security requirements of the monitoring service
including data scope, data lifecycle, data acquisition and data storage. This Recommendation can be used by
cloud service providers (CSPs) who provide monitoring services to cloud service customers (CSCs).
2 References
None.
3 Definitions
3.1 Terms defined elsewhere
This Recommendation uses the following terms defined elsewhere:
3.1.1 authentication [b-NIST-SP-800-53]: Verification of the identity of a user, process, or device, often as
a prerequisite to allowing access to resources in an information system.
3.1.2 capability [b-ISO/IEC 19440]: Quality of being able to perform a given activity.
3.1.3 cloud computing [b-ITU-T Y.3500]: Paradigm for enabling network access to a scalable and elastic
pool of shareable physical or virtual resources with self-service provisioning and administration on demand.
NOTE – Examples of resources include servers, operating systems, networks, software, applications, and storage
equipment.
3.1.4 cloud service [b-ITU-T Y.3500]: One or more capabilities offered via cloud computing (see clause
3.1.3) invoked using a defined interface.
3.1.5 cloud service customer [b-ITU-T Y.3500]: Party (see clause 3.1.15) which is in a business relationship
for the purpose of using cloud services (see clause 3.1.4).
NOTE – A business relationship does not necessarily imply financial agreements.
3.1.6 cloud service partner [b-ITU-T Y.3500]: Party (see clause 3.1.15) which is engaged in support of, or
auxiliary to, activities of either the cloud service provider (see clause 3.1.7) or the cloud service customer
(see clause 3.1.5), or both.
3.1.7 cloud service provider [b-ITU-T Y.3500]: Party (see clause 3.1.15) which makes cloud services (see
clause 3.1.4) available.
3.1.8 cloud service user [b-ITU-T Y.3500]: Natural person, or entity acting on their behalf, associated with
a cloud service customer (see clause 3.1.5) that uses cloud services (see clause 3.1.4).
NOTE – Examples of such entities include devices and applications.
3.1.9 Communications as a Service (CaaS) [b-ITU-T Y.3500]: Cloud service category in which the capability
provided to the cloud service customer (see clause 3.1.5) is real time interaction and collaboration.
NOTE – CaaS can provide both application capabilities type and platform capabilities type.
3.1.10 community cloud [b-ITU-T Y.3500]: Cloud deployment model where cloud services (see clause 3.1.4)
exclusively support and are shared by a specific collection of cloud service customers (see clause 3.1.5) who
have shared requirements and a relationship with one another, and where resources are controlled by at
least one member of this collection.
3.1.11 hypervisor [b-NIST-SP-800-125]: The virtualization component that manages the guest OSs on a host
and controls the flow of instructions between the guest OSs and the physical hardware.