Cloud Computing

Sandeep Bhowmik

Chapter 6

Security Reference Model

Cambridge University Press


Chapter 6 Security Reference Model

The Security Concern

• Security is one of the topmost concerns of any computing model, and cloud computing is no exception.

• In cloud computing, consumers are moving from the traditional in-house computing environment to outside service providers.

Cloud Computing; Sandeep Bhowmik @ Cambridge University Press 2



• Traditional data centers allow perimeterised (i.e. within the organization’s own network boundary or perimeter) access to computing resources.

• Cloud computing promotes de-perimeterisation.

• The traditional concept of a security boundary no longer applies in cloud computing.


• Cloud computing moves beyond the concept of working inside a protected network boundary.

• But it poses no security threat that was not already there in traditional computing.


• Cloud Security Working Groups

• Many organizations and groups have worked separately on developing a cloud security model.

• Two such bodies are:
  • The Cloud Security Alliance
  • Jericho Forum Group


• The Cloud Security Alliance (CSA)

• “Security Guidance for Critical Areas of Focus in Cloud Computing”, released by CSA in 2009, is considered a vital testimonial on cloud computing security.

• It categorizes cloud security issues into fourteen different sections.


• The Jericho Forum Group

• An international consortium formed with the objective of addressing concerns related to the de-perimeterised computing environment.

• They have contributed positively to the development of a cloud security framework.

• Jericho Forum and the Cloud Security Alliance worked together to promote best practices for secure collaboration in the cloud.


Elements of Cloud Security Model

• Analyst firm Gartner advises consumers to seek transparency from service providers on seven specific issues before moving into the cloud:
  • Privileged user access
  • Regulatory compliance
  • Data location
  • Data segregation
  • Recovery
  • Investigative support
  • Long-term viability


Cloud Security Reference Model

• The cloud computing community and many organizations working in the field of network security worked for years to develop a model to address cloud security.

• The Jericho Forum group came up with a model called the Cloud Cube Model to address the security issue.

• This cube model is considered the security reference model for cloud computing.


The Cloud Cube Model

• The Jericho Forum Group proposed the Cloud Cube Model in 2009, defining a three-dimensional cube.

• The model was originally created to address the issue of network de-perimeterisation.

• The model suggests that cloud security should not be measured only from the narrow perspective of ‘internal’ or ‘external’.

• Many other factors are also related to the issue of security.


• The cloud cube model is designed to represent four security-related criteria.

• Jericho Forum suggests deciding on the four criteria while moving to a cloud computing environment:
  • Data Boundary
  • Ownership
  • Security Boundary
  • Sourcing


• These four criteria are represented across different dimensions of a cube.

• Each of these 4 criteria has 2 probable answers.

• Hence, there can be 2^4 or 16 different forms of cloud computing environment.


• Data Boundary
  • Internal (I)
  • External (E)

• This security dimension represents the physical storage location of the organization’s data.

• It is important to note that an external storage location does not necessarily mean lesser security.


• The Data Boundary dimension divides the entire cube of the Cloud Cube model into two parts.


• Ownership
  • Proprietary (P)
  • Open (O)

• This dimension determines the ownership of the technology used for building the cloud.

• Reputed commercial vendors generally prefer to build services using their own proprietary technologies.

• But this limits interoperability.


• The Ownership dimension divides the entire cube of the Cloud Cube model into two parts.


• Security Boundary
  • Perimeterised (Per)
  • De-perimeterised (D-p)

• This dimension determines whether to operate inside the traditional network security boundary or not.

• The perimeterised approach enhances security, but prevents collaboration.

• A de-perimeterised system shows the natural intent to collaborate with systems outside its own perimeter.


• The Security Boundary dimension divides the entire cube of the Cloud Cube model into two parts.


• Depending on data boundary (I/E) and ownership (P/O), there can be four types of cloud formations: IP, IO, EP, EO.

• Each of these forms comes with either of two architectural mindsets, Perimeterised or De-perimeterised, as its security boundary.

• Taken together, there are a total of eight possible cloud formations: Per (IP, IO, EP, EO) and D-p (IP, IO, EP, EO).


• Sourcing
  • Insourced
  • Outsourced

• This security dimension indicates who delivers and manages the service.

• If it is provided by the organization’s own/internal team, then it is Insourced.

• If the service is delivered by some third party, then it is called Outsourced.


• Insourced cloud services point towards a private cloud.

• An outsourced service can deliver both public and private clouds.

• Insourcing of a service does not mean better security. The security of a cloud service largely depends on the expertise of the delivery team.


• Sourcing can be either outsourced or insourced for each of the eight cloud forms discussed earlier.

• In Jericho Forum's Cloud Cube Model, this fourth dimension is represented by two different colours for painting the cubes.

• Hence the eight smaller cubes that result from combining the first three dimensions can take either of the two colours.


• Jericho Forum's Cloud Cube Model.


• In this model, the top-right-rear E/O/D-p cloud formation is considered the “sweet spot” where optimal flexibility and collaboration can be achieved.

• The bottom-left-front I/P/Per cloud formation is the most restricted one.
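
The four criteria of the Cloud Cube Model, enumerated and validated in Python as an added example (not part of the original slides). The sourcing codes In and Out and all function names are assumptions of this example; the slides show sourcing only as two colours.

```python
from itertools import product
from typing import NamedTuple

# Codes come from the slides; the sourcing codes "In"/"Out" are assumed here
# because the slides show that dimension only as two colours.
DIMENSIONS = (
    ("data_boundary", ("I", "E")),
    ("ownership", ("P", "O")),
    ("security_boundary", ("Per", "D-p")),
    ("sourcing", ("In", "Out")),
)

class Formation(NamedTuple):
    data_boundary: str
    ownership: str
    security_boundary: str
    sourcing: str

    def cube(self):
        # Position among the eight small cubes (first three criteria).
        return "/".join(self[:3])

def all_formations():
    """Every combination of the four two-valued criteria."""
    return [Formation(*c) for c in product(*(v for _, v in DIMENSIONS))]

def parse(label):
    """Validate a label such as 'E/O/D-p/Out' against the allowed codes."""
    parts = label.split("/")
    if len(parts) != len(DIMENSIONS):
        raise ValueError(f"expected {len(DIMENSIONS)} criteria, got {len(parts)}")
    for part, (name, allowed) in zip(parts, DIMENSIONS):
        if part not in allowed:
            raise ValueError(f"{name}: {part!r} is not one of {allowed}")
    return Formation(*parts)

def notes(f):
    """Statements from the slides that apply to formation f."""
    out = []
    if f.cube() == "E/O/D-p":
        out.append("sweet spot: optimal flexibility and collaboration")
    if f.cube() == "I/P/Per":
        out.append("most restricted formation")
    if f.ownership == "P":
        out.append("proprietary technology limits interoperability")
    if f.security_boundary == "Per":
        out.append("perimeterised: enhances security, prevents collaboration")
    out.append("insourced: private cloud" if f.sourcing == "In"
               else "outsourced: public or private cloud")
    return out
```

Calling `notes(parse("E/O/D-p/Out"))` returns the slide statements for that formation, and `all_formations()` yields the 16 forms built from the 4 data-boundary/ownership pairs and the 8 small cubes.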


Cloud Security against Traditional Computing

• Collaboration is the tune of cloud-based business systems.

• Both consumers and service providers have their share of responsibilities in ensuring adequate security.

• But, unlike in traditional computing, consumers no longer need to manage everything starting from the bottom of the stack in cloud computing.


• Share of security management responsibilities


Cloud Security Management

• Security management responsibilities in cloud by service type


Cloud Security Policy

• Security policies are a set of documents that guide reliable security implementation.

• A cloud security strategy defines different policies, such as system security policies, software policies, and information system policies.

• A cloud computing environment also asks organizations to maintain some general policies related to security:
  • Management Policy
  • Regulatory Policy
  • Advisory Policy
  • Informative Policy


Trusted Cloud Computing

• Trusted computing is a term that refers to technologies, design and policies to develop a highly secure and reliable computing system.

• Trusted cloud computing can be viewed as a way to ensure that the system acts in a predictable manner as intended.

• Reputation or trust building is a time-consuming process, and larger cloud providers have already taken measures to establish this trust.
