Page 1086 - Cloud computing: From paradigm to operation
7 Security
Implementation guidance for cloud services
Cloud service customer:
The cloud service customer should request information from the cloud service provider of the service monitoring capabilities available for each cloud service.
Cloud service provider:
The cloud service provider should provide capabilities that enable the cloud service customer to monitor specified aspects, relevant to the cloud service customer, of the operation of the cloud services. For example, to monitor and detect if the cloud service is being used as a platform to attack others, or if sensitive data is being leaked from the cloud service. Appropriate access controls should secure the use of the monitoring capabilities. The capabilities should provide access only to information about the cloud service customer's own cloud service instances.
The cloud service provider should provide documentation of the service monitoring capabilities to the cloud service customer.
Monitoring should provide data consistent with the event logs described in clause 12.4.1 and assist with SLA terms.
CLD.13.1 Network security management
The objective specified in clause 13.1 of ISO/IEC 27002 applies.
CLD.13.1.4 Alignment of security management for virtual and physical networks
Control
Upon configuration of virtual networks, consistency of configurations between virtual and physical networks
should be verified based on the cloud service provider's network security policy.
Implementation guidance for cloud services
Cloud service customer:
(no additional implementation guidance)
Cloud service provider:
The cloud service provider should define and document an information security policy for the configuration of the virtual network consistent with the information security policy for the physical network. The cloud service provider should ensure that the virtual network configuration matches the information security policy regardless of the means used to create the configuration.
Other information for cloud services
In a cloud computing environment built on virtualization technology, a virtual network is configured on virtual
infrastructure on a physical network. In such environments, inconsistency of network policies can cause
system outages or defective access control.
NOTE – Depending on the type of cloud service, the responsibilities for configuring a virtual network can vary between
a cloud service customer and a cloud service provider.