Page 1008 - Cloud computing: From paradigm to operation
P. 1008
7 Security
Table 10-2 provides a summary mapping of monitoring data storage security threats to security
requirements.
Table 10-2 – Monitoring data storage: security threats mapping to security requirements
Security threats Security requirements
Data loss and leakage a), b), c)
Service unavailability a), c)
10.3 Security requirements for monitoring data use
The data security requirements for the monitoring data use include the following:
a) it is required that the CSP clearly identify how the monitoring data is going to be used to the CSC;
b) it is recommended that the CSP provide a formal monitoring data use declaration to the CSC, such
as that illustrated in Figure 10-1.
Figure 10-1 – Recommended monitoring data use declaration
c) it is required that the CSP provide notification and obtain CSC permission prior to the use of
monitoring data for other than intended purpose;
d) it is required that the CSP support logging and auditing of monitoring data usage.
Table 10-3 provides a summary mapping of monitoring data use security threats to security requirements.
Table 10-3 – Monitoring data use: security threats mapping to security requirements
Security threats Security requirements
Data misuse a), b), c), d)
Insider threats a), b), c), d)
System vulnerabilities d)
Eavesdropping d)
10.4 Security requirements for monitoring data migration
The data security requirements for the monitoring data migration include the following:
a) it is recommended that the CSP provide notification to the CSC of monitoring data migration;
b) it is required that the CSP ensure secure transmission during monitoring data migration;
c) it is required that the CSP support logging and auditing of monitoring data migration operations.
1000
