Page 1018 - Cloud computing: From paradigm to operation
P. 1018
7 Security
6 Overview
6.1 Specification of the data in this Recommendation
CSC data includes private data of customers stored on a cloud platform and related data through cloud
services for CSC, such as account information, login record and operation log.
The difference between the terms CSC (see clause 3.1.4) and CSU (see clause 3.1.8) is further distinguished
as follows.
The CSC is the person or organization that enters into the legal relationship with the CSP. So the CSC could
be an enterprise, a subsidiary, a government department or an individual consumer.
The CSU is the person, device or application that uses the cloud service that has been contracted for. The
CSU could be a government employee, an application running on a smartphone, an individual consumer or a
member of a household, such as a child. The CSC usually nominates some CSUs to act as administrators and
manage the relationship between the CSC and the CSP. A CSU always acts on behalf of a CSC. Most employee
CSUs need to have little or no visibility of what or how the CSP operates, or the services that the CSC has
contracted for, unless the CSC decides they need to know (e.g. administrators and internal auditors).
A CSC can include multiple cloud tenants. A tenant can include multiple CSUs.
6.2 Data security threats for cloud service customers
As the cloud service environment is typically multi-tenant, loss or leakage of data is a serious threat to the
CSC. The lack of appropriate management of cryptographic information, such as encryption keys,
authentication codes and access privilege, could lead to significant damage, such as data loss and unexpected
data leakage. For example, insufficient authentication, authorization and audit controls; inconsistent use of
encryption or authentication keys; operational failures; disposal problems; jurisdiction and political issues;
data centre reliability and disaster recovery, can be recognized as major sources of this threat and may be
associated with the challenges.
As for the security of storage data, since all CSC data is actually stored in the equipment of CSPs, and the
storage resources is shared by different CSCs, it may face several risks, including:
1) CSP insiders with privileges can gain unauthorized access resulting in leakage of CSC data;
2) malicious users or hackers can also gain unauthorized access resulting in leakage of CSC data;
3) cross-border data flow can lead to data leakage, especially for sensitive data;
4) software and hardware failures, power outages and natural disasters can result in data loss.
Data security also lies in the process of transmission. Data can be stolen or tampered with during
transmission, thus lead to confidentiality leakage, if the data is not encrypted properly. If CSCs have not
adopted adequate encryption, CSPs should verify the integrity of the data and take corresponding encryption
measures.
Another threat is the leakage of residual data. When a CSC unsubscribes its service, its data is cleared and
the storage space released or reallocated to other CSCs. It is the responsibility of the CSP to ensure that the
residual data of one CSC or tenant cannot be recovered by another.
6.3 Existing requirements related to about data security
The security framework for cloud computing specified in [ITU-T X.1601] provides the requirements related
to data security, including data isolation, protection and confidentiality protection.
1) Data isolation
In a cloud computing context, a tenant is prevented from accessing data belonging to another
tenant, even when the data is encrypted, except when explicitly authorized. Data isolation may be
realized logically or physically, depending on the required isolation granularity and the specific
deployment of cloud computing software and hardware.
NOTE – In cloud computing, isolation occurs at the tenant level. A given CSC may have multiple tenants in the
cloud, for example, to separate different subsidiaries, divisions or business units.
1010
