Page 1033 - Cloud computing: From paradigm to operation

Security                                                   7


            7.2.2.3    Emergency response

            CSPs should provide a hotline number for fault reporting, available 5*8 or 7*24.
            Additionally, the service indicators should include failure acceptance time, troubleshooting time, and so on.

            7.2.2.4    Security measures
            CSPs should provide appropriate security measures for the whole cloud computing infrastructure.
            1)      Measures on computing virtualization
                    CSPs should implement available measures to provide flow inspection, virtual firewall or other
                    security features in the hypervisor layer, which can keep the behaviour of intra-virtual machines
                    (VMs) visible and controlled by administrators.
            2)      Network and domain isolation
                    CSPs should implement network and domain isolation measures, such as firewall, access control list
                    (ACL) policies in routers, and domain controllers to keep strict isolation of different CSCs.
            3)      Privileged access
                    CSPs should implement measures, such as just in time (JIT) access, to ensure privileged access.
            4)      Authentication
                    CSPs should implement strong authentication methods, such as multi-factor authentication,
                    fingerprint authentication, etc., to reinforce the security of the authentication.
            5)      Measures to secure network traffic
                    CSPs should implement available measures to resist denial of service (DoS)/distributed denial of
                    service (DDoS) attacks and circumvent network congestion, and deploy intrusion detection or
                    prevention systems to resist network intrusion.
            6)      Measures against malware
                    CSPs should implement available measures to prevent infection by malware or viruses.
            7)      Patch upgrade
                    CSPs should regularly apply patch upgrades and version upgrades to the virtualization software,
                    the operating system and database (DB) to keep them up to date.
            7.2.2.5    Security audit

            CSPs should carry out regular security audits over the whole cloud computing system. The audit can be
            executed by an internal independent audit team or third-party auditors (acting as cloud service partners
            (CSNs)). The audit results should be appropriately visible to CSCs.

            7.2.2.6    Security monitoring for improving SLA
            CSPs should provide a mechanism to monitor the quantitative parameters of services to improve SLA.
            1)      Monitoring objects
                    Define the monitoring objects, such as the central processing unit (CPU) utilization, security
                    warnings, and so on. The trigger condition should also be explicitly indicated.
            2)      Security event notification
                    The mode and time of security event notification should be stipulated. The notification mode
                    includes e-mail, telephone, short messages or other ways negotiated by CSPs and CSCs. The
                    notification time means the average time from the event occurrence to notifying the CSC.
                    CSPs may provide appropriate capabilities for CSCs such as service-level self-monitoring and
                    automatic supervision of the resources allocated to them.
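
            The monitoring terms of 7.2.2.6 can be checked mechanically. The following is an added example, not part of the original text: the 90 % CPU threshold, the three-sample trigger, the 300-second target, the "chat" mode and all sample data are assumptions constructed for illustration, and the moment the trigger condition is met is taken as the event occurrence.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean

@dataclass
class MonitoringObject:
    name: str         # monitored parameter, e.g. CPU utilization (%)
    threshold: float  # trigger condition: value >= threshold ...
    sustained: int    # ... for this many consecutive samples

def detect_events(obj, samples):
    """Return the timestamps at which obj's trigger condition is met."""
    events, run = [], 0
    for ts, value in samples:
        run = run + 1 if value >= obj.threshold else 0
        if run == obj.sustained:  # fire once per breach episode
            events.append(ts)
    return events

def notification_report(events, notices, agreed_modes, target_s):
    """notices maps event time -> (mode, time the CSC was notified)."""
    delays, unnotified, off_contract = [], [], []
    for ts in events:
        if ts not in notices:
            unnotified.append(ts)      # event never reached the CSC
            continue
        mode, sent = notices[ts]
        if mode not in agreed_modes:
            off_contract.append(ts)    # mode was not negotiated
        delays.append((sent - ts).total_seconds())
    avg = mean(delays) if delays else None  # notification time (average)
    met = (avg is not None and avg <= target_s
           and not unnotified and not off_contract)
    return {"avg_s": avg, "unnotified": unnotified,
            "off_contract": off_contract, "target_met": met}

# Constructed sample data: one CPU reading per minute.
T0 = datetime(2024, 1, 1, 9, 0)
CPU = MonitoringObject("cpu_utilization", threshold=90.0, sustained=3)
SAMPLES = [(T0 + timedelta(minutes=i), v)
           for i, v in enumerate([70, 92, 95, 96, 60, 91, 93, 94, 97])]
EVENTS = detect_events(CPU, SAMPLES)
NOTICES = {EVENTS[0]: ("e-mail", EVENTS[0] + timedelta(minutes=4)),
           EVENTS[1]: ("chat", EVENTS[1] + timedelta(minutes=10))}
REPORT = notification_report(EVENTS, NOTICES,
                             {"e-mail", "telephone", "short message"}, 300)

if __name__ == "__main__":
    print(EVENTS, REPORT)
```
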
            7.2.2.7    Security certification
            CSPs should be responsible for the acquisition of relevant security certifications, and they should regularly
            update these certifications to meet the requirements of CSCs.
            The engineers and other CSP staff should take security training courses and should be qualified for the
            operations of the cloud computing platform.

