
The security boundary

In cloud computing, understanding the security boundary is crucial for discussing and implementing security measures effectively. The cloud computing model in use defines which security features are built in, identifies who is responsible for each security mechanism, and establishes where the service provider's responsibilities end and the customer's begin. Controls that fall on the wrong side of that line, or that each party assumes the other is providing, are the usual source of gaps.

The most commonly used model, from the U.S. National Institute of Standards and Technology (NIST), separates deployment models from service models and assigns a set of service attributes to each. Deployment models include community, hybrid, private, and public clouds, while service models follow the SPI (Software, Platform, Infrastructure) model: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The service model largely decides where the boundary falls: under IaaS the customer is responsible for everything from the guest operating system upward, under PaaS for the application and its data, and under SaaS essentially for data, user access and configuration, with the provider owning the layers below in each case. NIST's model does not mandate the use of virtualization or multi-tenancy, but both have a significant impact on security in cloud computing.

The Cloud Security Alliance (CSA) also provides a cloud computing stack model, which depicts the relationship between the functional layers of a cloud service and helps separate the service models from one another. CSA is an industry working group focused on studying security issues in cloud computing and providing recommendations to its members. It divides its guidance into operational domains: governance and enterprise risk management; legal and electronic discovery; compliance and audit; information lifecycle management; portability and interoperability; traditional security, business continuity, and disaster recovery; datacenter operations; incident response, notification, and remediation; application security; encryption and key management; identity and access management; and virtualization.

One notable difference between the NIST model and CSA's approach is that CSA considers multi-tenancy an essential element of cloud computing. Multi-tenancy brings additional security concerns that must be addressed: the boundary is no longer only between provider and customer but also between customers sharing the same infrastructure. Cloud service providers need to ensure customer isolation, data segmentation, and accurate service accounting, so that one tenant can neither read another tenant's data nor consume resources billed to it. This is achieved through policy-based environments supporting various levels and qualities of service, often with different pricing models. Multi-tenancy manifests differently in each deployment model (shared hardware in a public cloud, shared business units in a private one), and so introduces specific security considerations in different areas.
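The data-segmentation point above is easiest to see at the storage layer. The following is an added example, not code from the original post or from any provider: a constructed in-memory table shared by two tenants, a lookup that keys on the record id alone (so any caller who enumerates ids crosses the tenant boundary), the same lookup with the caller's tenant made part of every query predicate, and a small front door that meters requests per tenant. The `TenantService` class, the table layout and the sample rows are assumptions made for illustration.

```python
import sqlite3
from collections import Counter

# Constructed sample data (not from the original page): two tenants whose rows
# share one table, a common multi-tenant layout. Record ids are global, so a
# row's id alone says nothing about which tenant owns it.
SAMPLE_ROWS = [
    ("tenant-a", 1, "a-secret-1"),
    ("tenant-a", 2, "a-secret-2"),
    ("tenant-b", 3, "b-secret-3"),
]


def build_store() -> sqlite3.Connection:
    """Create an in-memory shared table holding rows for several tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE records ("
        "  tenant_id TEXT NOT NULL,"
        "  id        INTEGER PRIMARY KEY,"
        "  payload   TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO records VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def fetch_unscoped(conn: sqlite3.Connection, record_id: int):
    """Weak: keys on the record id only. Any caller who can guess or enumerate
    an id reads another tenant's row, so the tenant boundary is not enforced."""
    row = conn.execute(
        "SELECT payload FROM records WHERE id = ?", (record_id,)
    ).fetchone()
    return row[0] if row else None


def fetch_scoped(conn: sqlite3.Connection, caller_tenant: str, record_id: int):
    """Hardened: the caller's tenant is part of every predicate. It must come
    from the authenticated identity (token, session), never from the request
    body, or the caller could simply claim another tenant."""
    row = conn.execute(
        "SELECT payload FROM records WHERE tenant_id = ? AND id = ?",
        (caller_tenant, record_id),
    ).fetchone()
    # A foreign row and a missing row look identical to the caller, so the
    # response does not leak whether the id exists for some other tenant.
    return row[0] if row else None


class TenantService:
    """Front door that applies the scoped lookup and meters each request
    against the calling tenant (the 'accurate service accounting' the text
    mentions). Hypothetical design for illustration, not a real provider's API."""

    def __init__(self, conn: sqlite3.Connection):
        self.conn = conn
        self.usage = Counter()  # requests served per tenant

    def get(self, caller_tenant: str, record_id: int):
        self.usage[caller_tenant] += 1
        return fetch_scoped(self.conn, caller_tenant, record_id)


if __name__ == "__main__":
    db = build_store()
    # Cross-tenant read succeeds through the unscoped path ...
    print("unscoped :", fetch_unscoped(db, 3))
    # ... and is refused (None) once the tenant is part of the query.
    print("scoped   :", fetch_scoped(db, "tenant-a", 3))
    svc = TenantService(db)
    svc.get("tenant-a", 1)
    svc.get("tenant-a", 3)
    svc.get("tenant-b", 3)
    print("usage    :", dict(svc.usage))
```

The scoped query is the minimum; in a real deployment the tenant would usually also be part of the primary key or enforced by row-level policies in the database itself, so that a single forgotten `WHERE tenant_id = ?` in application code cannot reopen the boundary.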
