Page 74 - Cloud computing: From paradigm to operation
P. 74
1 Framework and requirements for cloud computing
8.3.1.7 CSP:cloud service security and risk manager
The CSP:cloud service security and risk manager is a sub-role of cloud service provider which has the
responsibility of ensuring that the cloud service provider appropriately manages the risks associated with
the development, delivery, use and support of cloud services. This includes ensuring that the information
security policies of the cloud service customer and the cloud service provider are aligned and meet the
security requirements stated in the SLA.
The CSP:cloud service security and risk manager's cloud computing activities include:
• manage security and risks (clause 8.3.2.17);
• design and implement service continuity (clause 8.3.2.18);
• ensure compliance (clause 8.3.2.19).
8.3.1.8 CSP:network provider
The CSP:network provider is a sub-role of cloud service provider which is to provide network connectivity
and network services for the cloud service customer, cloud service partner and cloud service provider. The
CSP:network provider may provide network connectivity between systems within the cloud service
provider's data centre, or provide network connectivity between the cloud service provider's systems and
systems outside the provider's data centre, for example, cloud service customer systems or systems
belonging to other cloud service providers.
The CSP:network provider's cloud computing activities include:
• provide network connectivity (clause 8.3.2.20);
• deliver network services (clause 8.3.2.21);
• provide network management services (clause 8.3.2.22).
The CSP:network provider can also choose to offer dynamic control of network connectivity as an NaaS.
8.3.2 Cloud computing activities
The cloud computing activities which relate to the sub-roles of cloud service provider are shown in
Figure 8-4.
66
