Page 746 - Cloud computing: From paradigm to operation






















                                       Figure 6 – Relationship among CSC, CSP and CSN


            CSP and CSN each have their own security requirements for the environment at different levels of SaaS. Table
            2 lists the security requirements of CSP and CSN in the SaaS application environment. The requirements
            that apply to both CSP and CSN are the common requirements.


                        Table 2 – Security requirements of CSP and CSN in SaaS application environment


                                                      SaaS application environment
             Common requirements  Identity and access management, data security, security assessment and audit,
                                  interface security, security hardening.
             CSP                  Availability, service interoperability/portability guarantee, software assets
                                  protection, legal compliance, security verification for source codes.
             CSN                  Audit security, software security, software maintainability.

            8.1     Common security requirements

            CSP and CSN share several common security requirements in the SaaS application environment.

            8.1.1   Identity and access management (IAM)

            8.1.1.1    Identity management (IdM)
            Multiple administrators and users are involved in the SaaS application environment, which can be accessed
            and used internally (CSPs) and externally (CSNs). Identity management (IdM) is needed not only to protect
            identities, but also to facilitate access management, authentication, authorization and transaction audit
            processes in such a dynamic and open SaaS application environment.

            For all maturity models, IdM should enable the implementation of single sign-on and/or identity federation
            for the SaaS application environment using varied authentication mechanisms in different security domains.

            8.1.1.2    Trust model

            The SaaS application environment is required to incorporate an overall trust model for both the multi-tenant
            level and the scalable level. This trust model will enable the creation of islands and/or federations of trusted
            entities. Consequently, the SaaS application environment management system, the underlying resources,
            hypervisors, virtual machines and applications built upon the SaaS application environment will be able to
            authenticate the identities and authorized rights of other entities and components. Each island or federation
            of trust will be based on one or more trusted authorities (e.g., a public key infrastructure (PKI) certificate
            authority).
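
            The island and federation model described above, sketched as an added example that is not part of the original text: each island accepts credentials only from its own authority or from one it has explicitly federated with, then checks the authorized right. All names, keys and rights are constructed; HMAC stands in for a CA signature, and federation is assumed to be one-directional and non-transitive.

```python
import hashlib
import hmac
import json

class TrustAuthority:
    """Root of one trust island. HMAC is a stand-in for a CA signature;
    a real PKI authority signs with a private key and verifiers hold only its certificate."""
    def __init__(self, name, key):
        self.name, self._key = name, key

    def _mac(self, claims):
        body = json.dumps(claims, sort_keys=True).encode()
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, entity, rights):
        claims = {"entity": entity, "issuer": self.name, "rights": sorted(rights)}
        return {"claims": claims, "sig": self._mac(claims)}

    def verify(self, cred):
        return hmac.compare_digest(self._mac(cred["claims"]), cred["sig"])

class Island:
    """Entities that trust one authority, plus any explicitly federated peer authorities."""
    def __init__(self, authority):
        self.anchors = {authority.name: authority}

    def federate(self, peer_authority):
        # Assumption: federation is explicit, one-directional and non-transitive.
        self.anchors[peer_authority.name] = peer_authority

    def authorize(self, cred, right):
        """Return (allowed, reason) for a credential presented to this island."""
        anchor = self.anchors.get(cred["claims"].get("issuer"))
        if anchor is None:
            return False, "issuer outside trust island/federation"
        if not anchor.verify(cred):
            return False, "signature invalid"
        if right not in cred["claims"]["rights"]:
            return False, "right not granted"
        return True, "ok"

# Constructed sample data: one island for the CSP and one for the CSN.
csp_ca = TrustAuthority("csp-ca", b"constructed-key-1")
csn_ca = TrustAuthority("csn-ca", b"constructed-key-2")
csp_island, csn_island = Island(csp_ca), Island(csn_ca)
vm_cred = csn_ca.issue("csn-app-vm-01", {"read:tenant-a"})
```
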





