Page 402 - Cloud computing: From paradigm to operation
P. 402
1 Framework and requirements for cloud computing
Table 10-1– ITU-T SG17 deliverables
Starting
Title of deliverable Current status Target date
date
ITU-T X.1602, Security requirements for software as a Recommendation 04/2011 03/2016
service application environments
ITU-T X.1641, Guidelines for cloud service customer data Recommendation 09/2014 09/2016
security
ITU-T X.1603, Data security requirements for the Recommendation 09/2015 03/2018
monitoring service of cloud computing
ITU-T X.SRIaaS, Security requirements of public Draft Recommendation 03/2016 09/2019
infrastructure as a service (IaaS) in cloud computing
ITU-T X.SRNaaS, Security requirements of Network as a Draft Recommendation 09/2016 09/2019
Service (NaaS) in cloud computing
ITU-T X.SRCaaS, Security requirements for Draft Recommendation 09/2016 109/2019
Communication as a Service application environments
ITU-T X.GSBDaaS, Guidelines on security of Big Data as a Draft Recommendation 09/2016 09/2019
Service
ITU-T X.sgcc, Security guidelines for container in cloud Draft Recommendation 09/2018 Q4/2020
computing environment
• ITU-T X.1601: This Recommendation provides guidelines for cloud service customer data security in
cloud computing, for those cases where the cloud service provider (CSP) is responsible for ensuring
that the data is handled with proper security. This is not always the case, since for some cloud
services the security of the data will be the responsibility of the cloud service customers (CSCs)
themselves. In other cases, the responsibility may be mixed.
For example, in some cases the CSP may be responsible for restricting access to the data, while the
CSC remains responsible for deciding which cloud service users (CSUs) should have access to it, and
the behaviour of any scripts or applications with which the CSU processes the data.
This Recommendation identifies security controls for cloud service customer data that can be used
in different stages of the full data life cycle. These security controls may differ when the security
level of the cloud service customer data changes. Therefore, the Recommendation provides
guidelines on when each control should be used for best security practice.
URI: http://www.itu.int/ITU-T/recommendations/rec.aspx?id=12613
• ITU-T X.1631 | ISO/IEC 27017: Recommendation ITU-T X.1631 | ISO/IEC 27017 provides guidelines
for information security controls applicable to the provision and use of cloud services by providing:
– additional implementation guidance for relevant controls specified in ISO/IEC 27002;
– additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for
both cloud service providers and cloud service customers.
URI: http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=12490
• ITU-T X.1642: This Recommendation provides guideline of operational security for cloud computing,
which includes guidance on service level agreements (SLAs) and daily security maintenance for cloud
computing. The target audiences of this Recommendation are cloud service providers, such as
traditional telecommunication operators, ISPs and ICPs.
URI: http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=12616
• ITU-T X.1602: This Recommendation provides a generic functional description for a secure service
oriented Software as a Service (SaaS) application environment that is independent of network types,
operating systems, middleware, vendor specific products or solutions. In addition, this
394