Page 747 - Cloud computing: From paradigm to operation



            8.1.1.3    Access management

            SaaS application environment administrators are required to provide mechanisms that delegate
            authorization to tenants' administrators. The tenants' administrators grant access rights to their
            corresponding resources. The access management of such a SaaS application environment should support
            multiple access control models, such as the identity-based model, strategy-based model, role-based model,
            task-based model, etc.

            For custom and configurable level SaaS applications, a role-based access control model is a basic
            requirement. For instance, a CSN, which supports building a service from a CSP, may be in charge of some
            applications but has no rights to administer the whole cloud service system. Besides, a CSN may be allowed
            to access only a part of the resources, with granted access rights. However, a CSN can share its resources
            by providing application interfaces to other CSNs.

            For the multi-tenant and scalable level, an integration of access control models for each individual and
            group is needed. For role-based access control, shared resources among multiple tenants should be utilized
            according to task groups in a workflow and the rights granted to those tasks. Thus, when these task groups
            are executed, the SaaS application environment should define the supporting task-based access control
            mechanism. This mechanism is used to make sure that tenants' access rights to underlying resources can be
            granted and revoked in a timely manner, and that underlying resources are protected from unauthorized
            utilization.
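
One way to implement the task-based mechanism described above, as an added example that is not part of the original text: grants are keyed by tenant, task and resource, expire after a time limit, and are dropped when the task group finishes. The class name, the tenant, task and resource names, and the time values are assumptions made for illustration.

```python
class TaskGrantTable:
    """Rights exist only for a (tenant, task, resource) triple and only until expiry."""

    def __init__(self):
        self._grants = {}  # (tenant, task, resource) -> (rights, expires_at)

    def grant(self, tenant, task, resource, rights, now, ttl):
        """Record rights for one task; they lapse ttl seconds after now."""
        self._grants[(tenant, task, resource)] = (frozenset(rights), now + ttl)

    def revoke_task(self, task):
        """Drop every grant tied to a finished or cancelled task; return the count."""
        stale = [k for k in self._grants if k[1] == task]
        for k in stale:
            del self._grants[k]
        return len(stale)

    def is_allowed(self, tenant, task, resource, right, now):
        key = (tenant, task, resource)
        entry = self._grants.get(key)
        if entry is None:
            return False  # default deny: no grant for this tenant and task
        rights, expires_at = entry
        if now >= expires_at:
            del self._grants[key]  # lazy expiry keeps the table small
            return False
        return right in rights


def demo():
    # Constructed workflow: two tenants share one resource under two task groups.
    t = TaskGrantTable()
    t.grant("tenant-a", "invoice-approve", "shared/ledger", {"read", "write"}, now=0, ttl=60)
    t.grant("tenant-b", "invoice-audit", "shared/ledger", {"read"}, now=0, ttl=60)
    results = [
        t.is_allowed("tenant-a", "invoice-approve", "shared/ledger", "write", now=10),
        t.is_allowed("tenant-b", "invoice-audit", "shared/ledger", "write", now=10),
        t.is_allowed("tenant-b", "invoice-approve", "shared/ledger", "read", now=10),
    ]
    t.revoke_task("invoice-approve")  # task group finished: rights go with it
    results.append(t.is_allowed("tenant-a", "invoice-approve", "shared/ledger", "read", now=11))
    results.append(t.is_allowed("tenant-b", "invoice-audit", "shared/ledger", "read", now=61))
    return results
```

Time is passed in explicitly so the expiry behaviour can be checked deterministically; a deployment would read a monotonic clock instead.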

            8.1.2   Interface security

            The SaaS application environment is required to secure the interfaces open to CSPs or CSNs through which
            various kinds of cloud computing services are delivered or developed, and it is also required to secure
            the communications based on these interfaces. Mechanisms that are available to ensure interface security
            include but are not limited to: unilateral/mutual authentication, integrity checksum, digital signature, etc.

            8.1.3   Data security

            8.1.3.1    Data isolation
            Data can be isolated physically or logically. Physical data isolation should be accomplished by access
            control of the physical storage. It should require the SaaS application environment to store the data of
            different tenants in different areas of physical storage, or to implement data access control for
            different tenants through access permission, data domain or any other methods. Logical data isolation
            implies that tenants should be prevented from accessing others' data by means of techniques such as
            virtualization, even if all the data are stored together.

            For custom and configurable level SaaS applications, each tenant's data are separately stored and isolated
            from the others at the physical level.

            For multi-tenant and scalable level SaaS applications, all tenants' data are stored in the cloud.
            Therefore, the SaaS application environment is required to be intelligent enough to segregate data from
            different tenants, and to maintain isolation among different tenants' data at rest, in processing or in
            transmission. The boundary between tenants should be ensured at the physical level or at the logical
            level, depending on the required isolation granularity and the specific deployment of the cloud computing
            software and hardware.

            8.1.3.2    Data confidentiality
            In most cases, the tenant's data is stored and utilized off-premises, and is subject to exposure.
            Therefore, the SaaS application environment is required to support encryption mechanisms to ensure data
            confidentiality in transmission, during processing or out of occupation, and to prevent data leakage due
            to security vulnerabilities in the application.

            A data encryption service is required for all SaaS levels. Critical data is required to be encrypted to
            prevent exposure.

            For multi-tenant and scalable level, as tenants' data should be stored in one database or even one big table,
            the SaaS application environment is required to provide an appropriate key management mechanism to
            ensure that the data cannot be cracked by other tenants.

