Page 1037 - Cloud computing: From paradigm to operation
P. 1037
Security 7
2) Abnormal behaviour detection: The abnormal behaviour includes illegal log-in, illegal access to cloud
management platform and violation access to other resources, the abnormal modifications of the
configurations of network equipment and virtual machines, or other penetration attacks, which can
be implemented by technical means, such as integrated auditing tools, DLP software or other
security tools.
3) Abnormal network traffic monitoring: CSPs should have the capability to detect and analyse
abnormal traffic in the physical network and the virtual network, especially intra-VMs traffic. It is
necessary to keep awareness of network traffic and performance status, which can help CSPs
improve the defence capability against worms, abnormal traffic attacks, and other potential security
threats in the cloud computing environment.
4) Physical security monitoring: The objects of physical security monitoring include the temperature
and humidity control system, closed circuit television (CCTV), entrance guard, a fire protection
system, air-conditioner, a power supply system, surveillance, protective cages, etc., which can be
inspected daily.
Above all, CSPs should run a full range check of the cloud computing environment to get the health status of
the cloud computing services in the daily operation and maintenance. This can help CSPs quickly detect
various indications, such as network performance quality, VM performance and CSC-oriented service quality,
etc. Furthermore, the checking process can be customized to support threshold or even baseline value alerts.
Based on the monitoring information gathered, CSPs should be able to quickly find the problems in the
network, storage, physical machines and virtual platforms when failure happens.
CSPs should also have the capability to locate the other potentially affected CSCs by correlation analysis on
each specific failure, based on the assumption that CSCs have the same weaknesses, the same applications,
and the same specific version of OS, etc.
8.4 Disaster recovery
CSPs should implement security measures for disaster recovery with the same security level as the original
systems. The security measure technology includes server clusters, synchronous remote mirroring and
asynchronous remote mirroring to achieve a hot-standby capability for disaster recovery.
1) Server clustering
Server clustering can coordinate and manage the errors and failures of the separated components,
and can add components to the cluster transparently, with elasticity and scalability to reach a
sufficient performance.
2) Synchronous remote mirroring
Through remote mirroring software, the data of the primary site is synchronously replicated and
transmitted to a remote site. Once the primary site fails, the running programs would switch to the
remote site. The synchronous remote mirroring can guarantee business to continue without loss of
data. The cost of this method is high as it depends on a delicately designed mirroring software and
sufficient bandwidth of network. Synchronous remote mirroring is regularly implemented in
systems of high security level.
3) Asynchronous remote mirroring
This is another remote mirroring method which usually has a lower cost than the synchronous
remote mirroring. The data of the primary site is periodically replicated and transmitted to a remote
site. If things go well, it can ensure a complete copy in the remote site without degrading the
performance of the primary site. But if something goes wrong during the mirroring period, loss of
data is inevitable. Asynchronous remote mirroring could be chosen after a sufficient risk evaluation.
1029
