Page 89 - Cloud computing: From paradigm to operation

Framework and requirements for cloud computing


The split of control means that both roles now share the responsibilities of providing adequate protections to the cloud computing systems. Security is a shared responsibility. Security controls, i.e., measures used to provide protections, need to be analysed to determine which role is in a better position to implement such controls. This analysis needs to include considerations from a service category perspective, where different cloud service categories imply different degrees of control between cloud service providers and cloud service customers. It is important to provide a clear definition of the responsibilities of both the customer and the provider and to ensure that all aspects of security are covered, to avoid responsibility ambiguity.

For example, account management controls for the initial system privileged users of an IaaS service are typically performed by the IaaS cloud service provider; meanwhile, application user account management for an application deployed to that IaaS service is typically the responsibility of the cloud service customer who deploys the application using the IaaS service. By contrast, for a SaaS application service, the account management controls for all types of users are in the hands of the cloud service provider (although the cloud service customer can provide capabilities such as third-party authentication).

8.5.12.3 Cloud service category perspectives

A cloud service category, as defined in Rec. ITU-T Y.3500 | ISO/IEC 17788, is a group of cloud services that possess a common set of qualities. Cloud service categories present cloud service customers with different types of service management operations and expose different entry points into cloud computing systems, which in turn also create different attack surfaces for adversaries. Hence, it is important to consider the impact of cloud service categories and their different issues in security design and implementation.

For example, SaaS provides users with access to cloud computing offerings using a network connection, possibly over the Internet and through a web browser. There has been an emphasis on web browser security in SaaS cloud computing system security considerations. CSC:cloud service users of IaaS services are typically provided with virtual machines (VMs) that are executed on hypervisors on the hosts; therefore, hypervisor security for achieving VM isolation has been studied extensively for IaaS cloud service providers that use virtualization technologies.

8.5.12.4 Implications of cloud deployment models

The different cloud deployment models have important security implications. One way to look at the security implications from the deployment model perspective is the differing level of exclusivity of tenants in the deployment model. A private cloud is dedicated to one cloud service customer organization, whereas a public cloud could have tenants from many different organizations co-existing with each other.

Another way to analyse the security impact of cloud deployment models is to use the concept of access boundaries. For example, an on-site private cloud system may or may not need additional boundary controllers at the cloud service boundary when the private cloud system is hosted on site within the cloud service customer organization's network boundary, whereas an outsourced private cloud tends to require the establishment of such perimeter protection at the boundary of the cloud services.

8.5.12.5 Data protection strategy and responsibility

Protection of data assumes a new dimension in cloud computing. An organization can opt to store its data in a cloud service, but then the data protection responsibility and accountability need to be agreed upon clearly. The first step that the cloud service customer takes is to properly catalogue the data and identify its sensitivity and the risk to the business of its leakage, loss or corruption (see ISO/IEC 27002 as a reference for how to identify the sensitivity of data).

Ideally, it should be the cloud service customer's responsibility to secure the data before it is moved to a cloud computing system. However, the provider would be accountable for any data tampering or theft. Encryption is a potential technique to use, but then key management has to be given consideration, whether the cloud service customer or a third party manages the keys. If the keys are managed by the cloud service provider, then the provider is responsible for the logical and physical control of the keys, as well as the data.
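The following is an added example, not text or code from the Recommendation, showing how the shared-responsibility split (8.5.12.2) and the key-holder rule (8.5.12.5) can be turned into a mechanical check for responsibility ambiguity: an agreed responsibility matrix for one service category is compared against which role is in a position to implement each control. The control names, the per-category defaults and the `check_assignments` function are constructed for illustration; only the IaaS/SaaS account management split and the "whoever manages the keys controls them" rule are taken from the text.

```python
"""Added example (not from the Recommendation): check an agreed responsibility
matrix for one service category against which role is in a position to
implement each control. Control names and defaults are constructed; the
IaaS/SaaS account management rules and the key-holder rule follow the text."""
from enum import Enum
from typing import Dict, List, Tuple

class Role(Enum):
    CSP = "cloud service provider"
    CSC = "cloud service customer"
    EITHER = "either, by agreement"  # whoever manages the keys owns their control

# Role in the better position to implement each control, per category (constructed).
DEFAULT_SPLIT: Dict[str, Dict[str, Role]] = {
    "IaaS": {
        "privileged_user_accounts": Role.CSP,    # initial system privileged users
        "application_user_accounts": Role.CSC,   # app the customer deploys on its VMs
        "hypervisor_vm_isolation": Role.CSP,
        "data_encryption_keys": Role.EITHER,
    },
    "SaaS": {
        "privileged_user_accounts": Role.CSP,
        "application_user_accounts": Role.CSP,   # all user types
        "third_party_authentication": Role.CSC,  # capability the CSC may supply
        "data_encryption_keys": Role.EITHER,
    },
}

def check_assignments(category: str, agreed: Dict[str, Role]) -> List[Tuple[str, str]]:
    """Return (control, problem) pairs: coverage gaps, undecided owners,
    controls given to the wrong role, and controls outside the catalogue."""
    catalogue = DEFAULT_SPLIT[category]
    findings: List[Tuple[str, str]] = []
    for control, expected in catalogue.items():
        actual = agreed.get(control)
        if actual is None:
            findings.append((control, "no owner: coverage gap"))
        elif actual is Role.EITHER:
            findings.append((control, "owner undecided: name one role"))
        elif expected is not Role.EITHER and actual is not expected:
            findings.append((control, f"given to {actual.value}; "
                                      f"only {expected.value} controls it"))
    for control in agreed:
        if control not in catalogue:
            findings.append((control, f"not a {category} control: scope unclear"))
    return findings

if __name__ == "__main__":
    for item in check_assignments("SaaS", {"privileged_user_accounts": Role.CSP,
                                          "application_user_accounts": Role.CSC}):
        print(*item, sep=": ")
```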
