Step 2: Identify Vulnerabilities for Your Selected Service(s)
Cloud computing, which depends heavily on virtualization to realize operational savings and efficiencies, has elastic boundaries and potentially pushes the perimeter of the enterprise and its security controls far beyond the data center. It’s important to recognize that the traditional border behind which data and platform are constrained and protected (typically physical separation and isolation) is no longer viable for dynamic cloud architecture models. It’s also important to understand that while a fill-the-gap approach may seem to work on a particular vulnerability, it may expose unknown vulnerabilities in other areas. Regardless of the cloud delivery model you choose, your best approach is to review the specific service architecture, and then layer technologies to develop a strong security net that protects data, applications and platform, and network at all levels.
Spotlight on Cloud Service Architecture [5]

There are three types of cloud services: infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS).

IaaS
- Delivers computer infrastructure as a utility service, typically in a virtualized environment
- Provides enormous potential for extensibility and scale

PaaS
- Delivers a platform or solution stack on a cloud infrastructure
- Sits on top of the IaaS architecture and integrates with development and middleware capabilities as well as database, messaging, and queuing functions

SaaS
- Delivers applications over the Internet or intranet via a cloud infrastructure
- Built on underlying IaaS and PaaS layers
5 Security Guidance for Critical Areas of Focus in Cloud Computing, v2.1. Cloud Security Alliance (2009). https://cloudsecurityalliance.org/csaguide.pdf (PDF)
Intel IT Center Planning Guide | Cloud Security