Page 403 - Cloud computing: From paradigm to operation
P. 403

Framework and requirements for cloud computing                              1


                    Recommendation  is  independent  of  any  service or scenarios-specific model  (e.g.,  web  services,
                    Parlay X or REST), assumptions or solutions. This Recommendation describes a structured approach
                    for defining, designing and implementing secure and manageable service-oriented capabilities in
                    telecommunication cloud computing environments.

                    URI: http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=12615
            •       ITU-T X.1641: This Recommendation provides generic security guidelines for cloud service customer
                    (CSC) data in cloud computing. It analyses the CSC data security life cycle and proposes security
                    requirements  at  each  stage  of  the  data  life  cycle.  Furthermore,  the  Recommendation  provides
                    guidelines on when each control should be used for best security practice.
                    URI: https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=12853
            •       ITU-T  X.1603:  Recommendation  ITU-T  X.1603  analyses  data  security  requirements  for  the
                    monitoring  service  of  cloud  computing  which  includes  monitoring  data  scope  requirements,
                    monitoring  data  life  cycles,  security  requirements  of  monitoring  data  acquisition  and  security
                    requirements  of  monitoring  data  storage.  Monitoring  data  scope  requirements  include  the
                    necessary monitoring scope that CSPs should provide to maintain cloud security and the biggest
                    monitoring scope of CSPs. Monitoring data life cycles includes data creation, data store, data use,
                    data migrate, data present, data destroy and data backup. Monitoring acquisition determines the
                    security  requirements  of  the  acquisition  techniques  of  a  monitoring  service.  Monitoring  data
                    storage determines the security requirements for CSPs to store the monitoring data.
                    URI: https://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=13562
            •       ITU-T X.SRIaaS: Infrastructure as a Service (IaaS) is one of the representative categories of cloud
                    services, in which the cloud capabilities service provided to the CSC is an infrastructure capabilities
                    type.  IaaS  environments  and  virtualized  services  are  facing  more  challenges  and  threats  than
                    traditional information technology infrastructure and applications. Platforms that share computing,
                    storage and network services need protections specific to the threats in the IaaS environment. If
                    these threats are not carefully addressed, it will have very negative impacts on the development of
                    IaaS services. This Recommendation aims to document the security requirements of public IaaS. This
                    will  be  helpful  for  IaaS  CSPs  to  improve  the  overall  security  level  throughout  the  planning,
                    constructing and operating stages of IaaS platform and services. This work also complements the
                    security standardization activity related to software-defined networks, especially X.sdnsec.
                    URI: https://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=13578
            •       ITU-T X.SRNaaS: Network as a Service (NaaS) is one of the representative cloud service categories,
                    in which the capability provided to the cloud service customer (CSC) is transport connectivity and
                    related  network  capabilities.  NaaS  services  can  provide  any  of  three  cloud  capabilities:  NaaS
                    application service, NaaS platform service and NaaS connectivity service. All three kinds of NaaS
                    service face particular security challenges such as application security vulnerabilities, security risks
                    of  network  virtualization,  eavesdropping,  etc.  Recommendation  ITU-T  X.SRNaaS  analyses  the
                    security  challenges  and  security  requirements  of  NaaS  application,  NaaS  platform  and  NaaS
                    connectivity. This Recommendation could help NaaS service providers to address security issues.
                    The capabilities provided by this Recommendation will take into account the national legal and
                    regulatory  obligations  in  individual  Member  States  in  which  the  NaaS  services  operate.  The
                    methodology of this proposal would follow the recommendations of clause 10 in Recommendation
                    ITU-T X.1601.
                    URI: https://www.itu.int/itu-t/workprog/wp_item.aspx?isn=13590
            •       ITU-T  X.SRCaaS:  Recommendation  ITU-T  X.SRCaaS  recommends  the  security  requirements  of
                    communication as a service (CaaS) application environments with the identification of the risks. The
                    Recommendation describes the scenarios and the features of CaaS, into which multi-communication
                    capabilities are plugged. Moreover, some special /unique risks are identified, which are caused by
                    the unique features of CaaS. The corresponding security requirements are recommended for the
                    following aspects: identity fraud, orchestration security, multi-device security, countering spam,
                    privacy protection, infrastructure attack, attack from infrastructure, Intranet attack and so on. The


                                                                                                         395
   398   399   400   401   402   403   404   405   406   407   408