Page 976 - Cloud computing: From paradigm to operation

7                                                     Security




            1       Scope
            This Recommendation analyses security threats and challenges in the cloud computing environment, and
            describes security capabilities that could mitigate these threats and address security challenges. A framework
            methodology is provided for determining which of these security capabilities will require specification for
            mitigating security threats and addressing security challenges for cloud computing.


            2       References
            None.


            3       Definitions

            3.1     Terms defined elsewhere

            This Recommendation uses the following terms defined elsewhere:
            3.1.1   authentication [b-NIST-SP-800-53]: Verification of the identity of a user, process, or device, often as
            a prerequisite to allowing access to resources in an information system.

            3.1.2   capability [b-ISO/IEC 19440]: Quality of being able to perform a given activity.
            3.1.3   cloud computing [b-ITU-T Y.3500]: Paradigm for enabling network access to a scalable and elastic
            pool of shareable physical or virtual resources with self-service provisioning and administration on demand.
            NOTE – Examples of resources include servers, operating systems, networks, software, applications, and storage
            equipment.

            3.1.4   cloud service [b-ITU-T Y.3500]: One or more capabilities offered via cloud computing (3.1.3) invoked
            using a defined interface.

            3.1.5   cloud service customer [b-ITU-T Y.3500]: Party (3.1.17) which is in a business relationship for the
            purpose of using cloud services (3.1.4).

            NOTE – A business relationship does not necessarily imply financial agreements.
            3.1.6   cloud service partner [b-ITU-T Y.3500]: Party (3.1.17) which is engaged in support of, or auxiliary to,
            activities of either the cloud service provider (3.1.7) or the cloud service customer (3.1.5), or both.
            3.1.7   cloud service provider [b-ITU-T Y.3500]: Party (3.1.17) which makes cloud services (3.1.4) available.
            3.1.8   cloud service user [b-ITU-T Y.3500]: Natural person, or entity acting on their behalf, associated with
            a cloud service customer (3.1.5) that uses cloud services (3.1.4).
            NOTE – Examples of such entities include devices and applications.
            3.1.9   Communications as a Service (CaaS) [b-ITU-T Y.3500]: Cloud service category in which the capability
            provided to the cloud service customer (3.1.5) is real time interaction and collaboration.
            NOTE – CaaS can provide both application capabilities type and platform capabilities type.

            3.1.10  community cloud [b-ITU-T Y.3500]: Cloud deployment model where cloud services (3.1.4)
            exclusively support and are shared by a specific collection of cloud service customers (3.1.5) who have shared
            requirements and a relationship with one another, and where resources are controlled by at least one
            member of this collection.
            3.1.11  data controller [b-key definition]: A person who (either alone or jointly or in common with other
            persons) determines the purposes for which and the manner in which any personal data are, or are to be,
            processed.
            3.1.12  data processor [b-key definition]: In relation to personal data, this means any person (other than an
            employee of the data controller) who processes the data on behalf of the data controller.



