Page 806 - Cloud computing: From paradigm to operation

5 Intercloud and interoperability


            The relevant CSPs form a common trusted inter-cloud to establish a trust relationship between them. In
            particular, the multiple CSPs involved in inter-cloud may be administered by different parties. In the case of an
            inter-cloud federation, the involved CSPs may establish trust relationships among them prior to any
            interactions between them or during inter-cloud interactions (e.g., service requests between CSPs).

            The specifics of trusted inter-cloud computing differ depending on the technologies used by the CSC or
            CSP. Therefore, the management of trusted inter-cloud takes into account different levels of security.

            Trusted inter-cloud relationships can be expressed through cross-cutting aspects (identified in [ITU-T Y.3502]),
            such as the governance, management, resiliency and security of inter-cloud.

            Trusted inter-cloud computing covers security threats for CSC and threats for CSP. The specific threats
            depend on the level of responsibilities and control between the CSC and CSP, or between CSPs (such as those
            identified in [ITU-T X.1601]). In trusted inter-cloud systems, the control can be exchanged between CSC and
            CSP or between CSPs to achieve a security continuum. The security of inter-cloud can be realized based on:
            a)      self-service security, which enables self-service management of security in heterogeneous cloud
                    infrastructures and provides flexible mechanisms to let the CSC or CSP control the security of their cloud
                    computing resources in a fine-grained manner;
            b)      self-managed security, which enables full automation of security management in order to reduce
                    operational costs while adding more flexibility and providing a unified view of security in
                    heterogeneous cloud computing environments;
            c)      end-to-end security, which implements a distributed security abstraction layer between endpoints
                    defined by the CSC to overcome the heterogeneity of security technologies across multi-cloud
                    environments and to manage trust relationships between different layers and across CSPs, to
                    provide a unified user experience of security.

            The governance of inter-cloud means the system by which inter-cloud is directed and controlled.
            A governance system has to monitor and control the usage of cloud computing systems in both horizontal
            (cross-provider) and vertical (cross-layer) dimensions with a high level of automation.

            The resiliency of inter-cloud means the ability of a multi-cloud environment to provide and maintain an
            acceptable quality level of service in the face of faults (unintentional, intentional or naturally caused)
            affecting normal operations.

            6.1     Governance of trusted inter-cloud

            One of the main challenges in inter-cloud computing is to respect the security, confidentiality, and compliance
            requirements of cloud services hosted in a multi-cloud environment. The governance aspects become key
            parts of service level agreements (SLAs) for cloud services as they allow for usage of cloud services in a
            transparent manner over their entire lifecycle. The governance roles guarantee security and appropriate
            treatment of cloud applications and cloud data independently of the deployment model. They are specified
            and targeted for an operational area of cloud computing.

            The governance of trusted inter-cloud is based on specific policies and principles which allow for the use of
            particular cloud services in a trustworthy manner. This needs strongly isolated (physically or logically)
            instances of cloud services for aspects including identity management, geographic redundancy, support for
            hybrid scenarios, and effective inter-cloud data (workloads) management. The CSPs establishing a trusted
            inter-cloud relationship are obliged to determine their policies of decision-making roles, and implement
            these policies in their management systems.

            The governance of trusted inter-cloud can be expressed as a system of directing and controlling an
            inter-cloud environment to reach objectives for trust. It can be spread over the governance body and
            governance executive. The governance body consists of a set of representatives of CSPs (person or group of
            people) who are accountable for the performance and conformance of the trusted inter-cloud environment.
            The governance executive represents the system by which current and future use of trusted inter-cloud is
            directed and controlled. The governance executive also provides plans, builds and runs trusted inter-cloud
            enabled business.


