Page 403 - Cloud computing: From paradigm to operation
P. 403
Framework and requirements for cloud computing 1
Recommendation is independent of any service or scenarios-specific model (e.g., web services,
Parlay X or REST), assumptions or solutions. This Recommendation describes a structured approach
for defining, designing and implementing secure and manageable service-oriented capabilities in
telecommunication cloud computing environments.
URI: http://www.itu.int/ITU-T/recommendations/rec.aspx?rec=12615
• ITU-T X.1641: This Recommendation provides generic security guidelines for cloud service customer
(CSC) data in cloud computing. It analyses the CSC data security life cycle and proposes security
requirements at each stage of the data life cycle. Furthermore, the Recommendation provides
guidelines on when each control should be used for best security practice.
URI: https://www.itu.int/ITU-T/recommendations/rec.aspx?rec=12853
• ITU-T X.1603: Recommendation ITU-T X.1603 analyses data security requirements for the
monitoring service of cloud computing which includes monitoring data scope requirements,
monitoring data life cycles, security requirements of monitoring data acquisition and security
requirements of monitoring data storage. Monitoring data scope requirements include the
necessary monitoring scope that CSPs should provide to maintain cloud security and the biggest
monitoring scope of CSPs. Monitoring data life cycles includes data creation, data store, data use,
data migrate, data present, data destroy and data backup. Monitoring acquisition determines the
security requirements of the acquisition techniques of a monitoring service. Monitoring data
storage determines the security requirements for CSPs to store the monitoring data.
URI: https://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=13562
• ITU-T X.SRIaaS: Infrastructure as a Service (IaaS) is one of the representative categories of cloud
services, in which the cloud capabilities service provided to the CSC is an infrastructure capabilities
type. IaaS environments and virtualized services are facing more challenges and threats than
traditional information technology infrastructure and applications. Platforms that share computing,
storage and network services need protections specific to the threats in the IaaS environment. If
these threats are not carefully addressed, it will have very negative impacts on the development of
IaaS services. This Recommendation aims to document the security requirements of public IaaS. This
will be helpful for IaaS CSPs to improve the overall security level throughout the planning,
constructing and operating stages of IaaS platform and services. This work also complements the
security standardization activity related to software-defined networks, especially X.sdnsec.
URI: https://www.itu.int/ITU-T/workprog/wp_item.aspx?isn=13578
• ITU-T X.SRNaaS: Network as a Service (NaaS) is one of the representative cloud service categories,
in which the capability provided to the cloud service customer (CSC) is transport connectivity and
related network capabilities. NaaS services can provide any of three cloud capabilities: NaaS
application service, NaaS platform service and NaaS connectivity service. All three kinds of NaaS
service face particular security challenges such as application security vulnerabilities, security risks
of network virtualization, eavesdropping, etc. Recommendation ITU-T X.SRNaaS analyses the
security challenges and security requirements of NaaS application, NaaS platform and NaaS
connectivity. This Recommendation could help NaaS service providers to address security issues.
The capabilities provided by this Recommendation will take into account the national legal and
regulatory obligations in individual Member States in which the NaaS services operate. The
methodology of this proposal would follow the recommendations of clause 10 in Recommendation
ITU-T X.1601.
URI: https://www.itu.int/itu-t/workprog/wp_item.aspx?isn=13590
• ITU-T X.SRCaaS: Recommendation ITU-T X.SRCaaS recommends the security requirements of
communication as a service (CaaS) application environments with the identification of the risks. The
Recommendation describes the scenarios and the features of CaaS, into which multi-communication
capabilities are plugged. Moreover, some special /unique risks are identified, which are caused by
the unique features of CaaS. The corresponding security requirements are recommended for the
following aspects: identity fraud, orchestration security, multi-device security, countering spam,
privacy protection, infrastructure attack, attack from infrastructure, Intranet attack and so on. The
395