3. Infrastructure: This area addresses both physical security and software security. Physical security refers both to the physical infrastructure of the cloud computing environment (i.e., the data center itself) and the security practices surrounding the physical infrastructure. For example, this area covers whether the data center has redundant Internet access methods, as well as what practices are in place regarding access to the physical facility (e.g., requiring both identification documents and biometric scanning as prerequisites for entering the data center facility). Physical infrastructure would also refer to the hardware within the data center like back-up generators and so on. Finally, infrastructure also refers to the software infrastructure used to implement the cloud computing environment. Most cloud computing (though not all) uses virtualization as a foundation for the cloud computing environment, so this security area would cover the virtualization hypervisor, including security practices related to controlling who can log in to administer the virtualization and ensuring proper security patches are installed.
19.7 Assessing a Cloud Service Provider
A report by the European Network and Information Security Agency suggests the following security risks as being priorities for cloud-specific architectures:
1. Loss of governance: Governance is complicated by the fact that some responsibilities are delegated to the cloud provider, but the lines of responsibility do not fall across traditional boundaries. These boundaries are less well established and may need to be debated with the cloud provider in terms of what responsibility they will wholly adopt and what responsibility needs to be shared. The traditional approach is to draw up service-level agreements (SLAs), though these, without sufficient scrutiny, may leave security gaps.
2. Lock-in: At the time of writing, there is a lack of consensus with regard to tools, procedures, or standard data formats to enable data, application, and service portability. Cloud consumers who wish to migrate to other cloud platforms in the future may find the costs prohibitive, which increases the dependency between a cloud provider and consumer.
3. Isolation failure: The pooling of computing resources among multiple tenants is a classic feature of a cloud environment. It is therefore necessary to have mechanisms in place to isolate any failures to the minimum number of instances possible. This can also be the source of