Security considerations and requirements for Cloud computing

摘要

Based on the standard definition of cloud computing developed by NIST, Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Recent studies show security issues in cloud computing are considered as a major concern. There are different models that depict the responsibility of cloud providers and customers for securing the cloud computing environments based on different service models. To the best of our knowledge, despite there are various security standards and segregation of duty models, in most cases binding of security controls to use at each layers of the model is not specified. This problem leads to some ambiguities in how to use the existing security controls in different layers. In this paper, we will combine security standards and segregation of duty models of cloud computing to introduce a reference model and useful guidelines for securing the cloud computing environments. The proposed security reference model considers both the security requirements and controls in each service models and, for all cloud layers. Also, it separates the security responsibilities of cloud provider and cloud customer to manage security controls. Since this paper is concerned primarily all aspects of security requirements, it can be directly useful to individuals who want to provide or use the cloud computing environments.