Page 38 - Cloud computing: From paradigm to operation
1 Framework and requirements for cloud computing
– Auditability for trusted cloud service: It is recommended for trusted cloud services to include
appropriate mechanisms for collecting and making available necessary evidential information
related to the operation and use of a cloud service, for the purpose of conducting an audit;
NOTE 4 – Part of this requirement refers to [ITU-T Y.3502].
– Service agreement for trusted cloud service: It is recommended for trusted cloud services to have
appropriate service agreements or contracts for commitments to CSC on terms of their
requirements and considerations.
17 Security considerations
The security framework for cloud computing [ITU-T X.1601] analyses security threats and challenges in the
cloud computing environment, and describes security capabilities that could mitigate these threats and address
security challenges.
[ITU-T X.1631] provides guidelines supporting the implementation of information security controls for CSCs
and CSPs. Many of the guidelines guide the CSPs to assist the CSCs in implementing the controls and guide
the CSCs to implement such controls. Selection of appropriate information security controls and the
application of the implementation guidance provided will depend on a risk assessment as well as any legal,
contractual, regulatory or other cloud-sector-specific information security requirements.
Regarding the protection of PII, ISO/IEC 27018 is designed for organizations to use as a reference for selecting
PII protection controls within the process of implementing a cloud computing information security
management system based on ISO/IEC 27001, or as a guidance document for organizations for implementing
commonly accepted PII protection controls.