Page 97 - Cloud computing: From paradigm to operation
Framework and requirements for cloud computing 1
9.2.5.1.3 Service integration
The service integration functional component provides connections to services running within the provider's
environment. The service integration functional component is an essential aspect of virtualizing the services
so that, for example, their location and implementation details are hidden from the components that depend
on those services.
9.2.5.1.4 Peer service integration
The peer service integration functional component is used to connect to services of peer cloud service
providers in a controlled fashion, with appropriate security and with appropriate accounting for the usage,
linking back to the identity of the cloud service customer. The peer service integration functional component
also virtualizes the links to the target services, so that the details of those services can change dynamically
without impact on the functional components that reference the services.
9.2.5.2 Security systems functional components
The security systems functional components are responsible for applying security-related controls to
mitigate the security threats in cloud computing environments. The security systems functional components
encompass all the security facilities required to support cloud services.
The security systems functional components include:
• authentication and identity management;
• authorization and security policy management;
• encryption management.
9.2.5.2.1 Authentication and identity management
The authentication and identity management functional component provides capabilities relating to user
identities and the credentials required to authenticate users when they access cloud services and their
related administration and business capabilities.
Identity management can involve federated identity management to permit users to employ the same
identity and credentials to access multiple cloud services, providing capabilities such as "single sign-on".
9.2.5.2.2 Authorization and security policy management
The authorization and security policy management functional component provides capabilities for the
control and application of authorization for users to access specific capabilities or data. Service policy
management provides for the definition and application of security policies which relate to cloud services.
9.2.5.2.3 Encryption management
The encryption management functional component provides capabilities relating to the encryption of data,
whether data at rest or data in motion. Encryption key management and encryption scheme selection are
some of the capabilities provided.
9.2.5.3 Operational support systems functional components
The operational support systems functional components encompass the set of operations-related
management capabilities that are required in order to manage and control the cloud services offered to
customers.
The operational support systems functional components include:
• service catalogue;
• provisioning;
• monitoring and reporting;
• service policy management;
• service automation;