Page 1039 - Cloud computing: From paradigm to operation
Security 7
5) Security configuration migration management
When a cloud computing resource or service changes (such as service capacity expansion, VM
migration, etc.), CSPs should provide dynamic security configuration adjustment means. For
example, during VM migration, automatic security configuration policy migration can be
implemented through migration status sensing, automatic matching and redeployment of the
original security configuration policy, which could ensure security configuration policy consistency
and fast deployment in the cloud environment, and improve the efficiency of the security operation.
6) Security configuration isolation management
In a multi-tenancy environment of cloud computing, CSPs should execute strict classification
management of CSCs' security configuration, and take measures such as authentication, access
control, etc. This is to ensure security configuration isolation between different CSCs.
8.6 Security event processing
CSPs should take certain activities to handle security events in the cloud computing environment, such as threat
alarms, vulnerability, emergency, etc. CSPs should also deploy technical measures to assist in the detecting,
alarming and handling of security events.
In general, the procedure of security events processing in the cloud computing environment involves the
following steps: detecting, analysing, disposing, checking, reporting and recording. CSPs should explicitly
specify the responsible persons in each step.
8.6.1 Detecting
CSPs should take measures to monitor the security status of the cloud platform mentioned in clause 8.3, and
have the ability to send timely alarms whenever security events happen. They should ensure that alarms
can be sent to the designated person, such as the security manager of the cloud computing platform. The
alarms could be sent through e-mails, phone calls, short message service (SMS), etc. CSPs should be sure to
monitor all kinds of security events stated in the security clause of SLA.
8.6.2 Analysing
CSPs should confirm the security events after receiving alarms, then analyse and diagnose them to determine
the types of events, their causes and handling measures. CSPs can contact CSCs for assistance, if needed.
8.6.3 Disposing
CSPs should take handling measures according to the security events' types and levels, to minimize the
impact of those events. CSPs should refer to the security activities mentioned in clauses 8.7, 8.8 and 8.9,
which include but are not limited to the following:
1) For a security emergency, CSPs should take actions according to the emergency response plans.
2) For a security vulnerability, CSPs should take actions according to patch upgrade.
3) For a configuration weakness, CSPs should take actions according to securing configuration management.
CSPs should monitor and assess the security events dynamically, and inform CSCs of related information and
handling progress.
8.6.4 Checking
After disposing of the security events, CSPs should further analyse the reasons and situations that may cause
the security events, and check if other CSCs' systems have similar vulnerabilities that may cause the same
security events. If the vulnerability exists, CSPs should notify the related CSCs immediately and take
corresponding actions. The notification should not involve any privacy of other CSCs.
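The checking step can be automated along the following lines. This is an added example, not part of the original text: the inventory layout, the `Finding` fields, the package name and all CSC and asset identifiers are constructed assumptions. It finds other CSCs running the same vulnerable component and builds one notification per CSC that lists only that CSC's own assets, failing closed if another CSC's identifier appears in it.

```python
from dataclasses import dataclass

# Constructed sample inventory: CSC (tenant) id -> assets with installed package versions.
INVENTORY = {
    "csc-a": [{"asset": "vm-a1", "package": "examplelib", "version": "1.2.0"}],
    "csc-b": [{"asset": "vm-b1", "package": "examplelib", "version": "1.2.1"},
              {"asset": "vm-b2", "package": "examplelib", "version": "1.2.3"}],
    "csc-c": [{"asset": "vm-c1", "package": "examplelib", "version": "1.3.0"}],
}

@dataclass(frozen=True)
class Finding:
    package: str      # vulnerable component identified during analysis
    fixed_in: str     # first version containing the fix
    source_csc: str   # CSC where the event occurred; stays internal to the CSP

def version_key(version):
    return tuple(int(part) for part in version.split("."))

def affected_assets(inventory, finding):
    """Map each CSC to its own assets that run a version older than the fix."""
    hits = {}
    for csc, assets in inventory.items():
        for item in assets:
            if (item["package"] == finding.package
                    and version_key(item["version"]) < version_key(finding.fixed_in)):
                hits.setdefault(csc, []).append(item["asset"])
    return hits

def leak_check(notes, inventory):
    """Fail closed if a notification names another CSC or another CSC's asset."""
    for recipient, note in notes.items():
        text = repr(note)
        for csc, assets in inventory.items():
            foreign = [csc] + [item["asset"] for item in assets]
            if csc != recipient and any(name in text for name in foreign):
                raise ValueError(f"notification for {recipient} leaks data of another CSC")

def build_notifications(inventory, finding):
    """One notification per other affected CSC, listing only that CSC's assets."""
    notes = {}
    for csc, assets in affected_assets(inventory, finding).items():
        if csc == finding.source_csc:
            continue  # assumption: the originating CSC is informed during disposing
        notes[csc] = {"recipient": csc, "package": finding.package,
                      "fixed_in": finding.fixed_in, "your_assets": sorted(assets)}
    leak_check(notes, inventory)
    return notes

FINDING = Finding(package="examplelib", fixed_in="1.2.3", source_csc="csc-a")
```

The substring comparison in `leak_check` is deliberately coarse: it may reject a harmless message, but it will not pass one that names another CSC.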
8.6.5 Report and recording
CSPs should generate a security events processing report which includes the security events' behaviour,
causes, handling measures, etc., and send it to the related CSCs within the time limit stated in the security
clause of SLA. CSPs should record the information of security events for later inspection and auditing. The
appropriate reports can be given to the affected CSCs and applicable third-party auditors (acting as CSN).