As a CIO, one needs to understand the various factors that affect the implementation & performance of a cloud security architecture. General issues such as regulatory requirements, standards compliance, security management, information classification and security awareness need to be considered along with more specific architecture-related issues: trusted hardware & software, a secure execution environment, secure communications and hardware augmentation using micro-architectures. These architectural issues are elaborated below.
Trusted Computing: Trusted cloud computing protects cloud systems from malicious intrusions & attacks, protects data in use by hypervisors & applications, provides for strong authentication, applies encryption to protect sensitive data & supports compliance through hardware & software. Protection domains are the execution & memory space assigned to each concurrently running process; they protect programs from all unauthorized modification or executional interference. A trusted computing base is the total combination of protection mechanisms, including hardware, software & firmware, that are trusted to enforce an organization's security policy.
Secure Execution Environment: In the cloud, applications run on different servers in a distributed mode and may contain sensitive data. The cloud service provider should have a secure execution environment that enables protected data transfers via strong authentication mechanisms, and clients must implement best practices to address the privacy & confidentiality of information exchange.
Secure Communications: Organizations should reevaluate their communications security policies once they move to the cloud, as the cloud brings new challenges in this area. The communications referred to here cover both data in motion & data at rest! Secure cloud communication revolves around structures, transmission methods, transport formats & security measures that provide confidentiality (network security protocols, authentication, data encryption), data integrity (firewall, communications security & intrusion detection), availability (logins, fault tolerance, backups, redundancy) & authentication for transmissions over public & private networks.
Micro-architectures: Micro-architectures can be designed as hardware accelerators for functions such as encryption & arithmetic, & to secure web transactions, in support of cloud computing. Micro-architecture designs may include concepts such as pipelining, to increase performance by overlapping steps of different instructions; super-scalar processors, to enable concurrent execution of multiple instructions; and Very Long Instruction Word (VLIW) processing, to specify more than one concurrent operation in a single instruction.
To summarize, cloud computing security architecture is a critical element in establishing trust among users of cloud services!
References: Cloud Security by Ronald L. Krutz & Russell Dean Vines.
Also posted on BMC Communities blog - Cloud-n-more