Page 1108 - Cloud computing: From paradigm to operation
P. 1108

8                                            Assisting developing countries





















                                      Figure 7-6 – Cost for adoption of cloud computing


            8       Cloud computing requirements in developing countries

            8.1     Standardization requirements
            Several  efforts  are  being  made  by  various  standards  developing  organizations  (SDOs)  to  develop  cloud
            computing  standards  that  will  foster  the  adoption  of  cloud  computing  services.  Standards  will  set  a
            benchmark  that  will  be  used  to  assess  and  select  the  most  apt  cloud  computing  solution  for  a  given
            requirement.

            There is need for fervent standardization of cloud computing in developing countries to enable the ease and
            flexible adoption of cloud computing and to optimize the use of this technology in these countries. Standards
            will also help to circumvent the possible vendor or operator lock-in of CSCs. The different aspects of the
            standards that need to be considered are as highlighted.
            8.1.1   Cybersecurity

            ITU has developed several recommendations on security in the cloud. The recommendations developed
            hitherto include:

            •       Security  framework  for  cloud  computing  [ITU-T  X.1601]  which  analyses  security  threats  and
                    challenges  in  the  cloud  computing  environment  and  describes  security  capabilities  that  could
                    mitigate these threats and address security challenges.
            •       Recommendation  [ITU-T  X.1602] on security  requirements  for  software  as  a  service  application
                    environments  which  analyses  the  maturity  levels  of  SaaS  application  and  proposes  security
                    requirements  to  provide  a  consistent  and  secure  service  execution  environment  for  SaaS
                    applications.
            •       Information technology – Security techniques ([ITU-T X.1631]) – Code of practice for information
                    security  controls  based  on  [ISO/IEC  27002]  for  cloud  services.  This  recommendation  provides
                    guidelines for information security controls applicable to the provision and use of cloud services for
                    both CSPs and CSCs.

            •       Generic security guidelines for the cloud service customer (CSC) data in cloud computing are provide
                    in [ITU-T X.1641]. This Recommendation also analyses the CSC data security lifecycle and proposes
                    security requirements at each stage of the data lifecycle. Furthermore, it provides guidelines on
                    when each control should be used for best security practice.
            •       Recommendation [ITU-T X.1642] on guidelines of operational security for cloud computing provides
                    generic operational security guidelines for cloud computing from the perspective of cloud service
                    providers (CSPs). A set of security measures and detailed security activities for the daily operation
                    and maintenance are provided to help CSPs mitigate security risks and address security challenges
                    for the operation of cloud computing.






            1100
   1103   1104   1105   1106   1107   1108   1109   1110   1111   1112   1113