Skip to main content

The security boundary

In cloud computing, understanding the security boundary is crucial for effectively discussing and implementing security measures. The specific cloud computing model being used helps define the built-in security features, identify the parties responsible for security mechanisms, and establish the boundary between the service provider's and customer's responsibilities.

The most commonly used model, based on the U.S. National Institute of Standards and Technology (NIST), separates deployment models from service models and assigns a set of service attributes to each. Deployment models include community, hybrid, private, and public clouds, while service models follow the SPI (Software, Platform, Infrastructure) model, encompassing Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). NIST's model does not mandate the use of virtualization or multi-tenancy, but these factors significantly impact security in cloud computing.

The Cloud Security Alliance (CSA) also provides a cloud computing stack model, which depicts the relationship between different functional units in a network stack. This model helps separate the various service models from each other. CSA is an industry working group focused on studying security issues in cloud computing and providing recommendations to its members. They divide their guidance into operational domains, including governance and enterprise risk management, legal and electronic discovery, compliance and audit, information lifecycle management, portability and interoperability, traditional security, business continuity, and disaster recovery, datacenter operations, incidence response, notification, and remediation, application security, encryption and key management, identity and access management, and virtualization.

One notable difference between the NIST model and CSA's approach is that CSA considers multi-tenancy to be an essential element in cloud computing. Multi-tenancy brings additional security concerns that must be addressed. Cloud service providers need to ensure customer isolation, data segmentation, and accurate service accounting. This is achieved through policy-based environments supporting various levels and qualities of service, often with different pricing models. Multi-tenancy manifests differently in each cloud deployment model, introducing specific security considerations in different areas.

Labels:

Comments

Post a Comment

Popular posts from this blog

2.1 VIRTUAL MACHINES PROVISIONING AND MANAGEABILITY

In this section, we will have an overview on the typical life cycle of VM and its major possible states of operation, which make the management and automation of VMs in virtual and cloud environments easier than in traditional computing environments As shown in Figure above, the cycle starts by a request delivered to the IT department, stating the requirement for creating a new server for a particular service.  IT administration to start seeing the servers’ resource pool, matching these resources with the requirements, and starting the provision of the needed virtual machine.  Once provisioned machine started, it is ready to provide the required service according to an SLA, or a time period after which the virtual is being released.
Post a Comment
Read more

2.2 VIRTUAL MACHINE MIGRATION SERVICES

Migration service, in the context of virtual machines, is the process of moving a virtual machine from one host server or storage location to another; there are different techniques of VM migration, hot/life migration, cold/regular migration, and live storage migration of a virtual machine. In process of migration, all key machines’ components, such as CPU, storage disks, networking, and memory, are completely virtualized, thereby facilitating the entire state of a virtual machine to be captured by a set of easily moved data files. 2.2.1. Migrations Techniques Live Migration and High Availability Live migration (which is also called hot or real-time migration) can be defined as the movement of a virtual machine from one physical host to another while being powered on.  Live migration process takes place without any noticeable effect from the end user’s point of view (a matter of milliseconds).  One of the most significant advantages of live migration is the fact that it facili...
Post a Comment
Read more

Open SaaS and SOA

A considerable amount of SaaS software is based on open source software.  When open source software is used in a SaaS,  it referred to as Open SaaS.  The advantages of using open source software are that systems are much cheaper to deploy because you don’t have to purchase the operating system or software, there is less vendor lock-in, and applications are more portable.  The popularity of open source software, from Linux to APACHE, MySQL, and Perl (the LAMP platform) on the Internet, and the number of people who are trained in open source software make Open SaaS an attractive proposition.  The impact of Open SaaS will likely translate into better profitability for the companies that deploy open source software in the cloud, resulting in lower development costs and more robust solutions. SOA (Service-Oriented Architecture): SOA is an architectural approach for designing and developing software systems that are composed of loosely coupled services.  In an SO...
Post a Comment
Read more