Page 132 - Cloud computing: From paradigm to operation
P. 132

1                                    Framework and requirements for cloud computing


            8.4     Metadata and policy management requirements

            (1)     It is recommended that CSP:SFP provide a configuration of a single virtual volume by data storage
                    policy for CSC:CSU.
            (2)     It is recommended that CSP:SFP provide default data storage policies when policy is not configured.

                    NOTE 1 – Default data policy is reconfigured by customer's requests.
            (3)     It is recommended that CSP:DMP provide a transformation of DSF data by data manipulation policy.
                    NOTE 2 – Data manipulation policy for transformation of DSF data includes the policies of fragmentation,
                    encryption, compression, de-duplication, etc.
            (4)     It is recommended that CSP:DMP provide a default data manipulation policy.

            (5)     It is required that CSP:SFP provide a global registry for customer data access.
            (6)     It is required that CSP:SFP provide high-speed access of global registry.
            (7)     It  is  required  that  CSP:DMP  provide  management  of  data  operation  metadata  automatically
                    according to execution of data operation.
            (8)     It is required that CSP:SFP provide storage management metadata to communicate with DSF local
                    storage.


            9       Security considerations

            It  is  recommended  that  the  security  framework  for  cloud  computing  described  in  [b-ITU-T  X.1601]  be
            considered for data storage federation. [b-ITU-T X.1601] analyses security threats and challenges in the cloud
            computing  environment  and  describes  security  capabilities  that  could  mitigate  these  threats  and  meet
            security challenges.
            [b-ITU-T  X.1631]  provides guidelines  supporting  the implementation  of  information security controls  for
            cloud service customers and cloud service providers. Many of the guidelines guide the cloud service providers
            to assist the cloud service customers in implementing the controls and guide the cloud service customers to
            implement such controls. Selection of appropriate information security controls and the application of the
            implementation  guidance  provided,  will  depend  on  a  risk  assessment  as  well  as  any  legal,  contractual,
            regulatory or other cloud-sector specific information security requirements.
            It  is  also  recommended  that  the  guidelines  for  cloud  service  customer  data  security  described  in
            [b-ITU-T X.1641] be considered. It provides generic security guidelines for the cloud service customer (CSC)
            data in cloud computing, analyses the CSC data security lifecycle and proposes security requirements at each
            stage of the data lifecycle.
































            124
   127   128   129   130   131   132   133   134   135   136   137