Cloud Computing
Sandeep Bhowmik
Chapter 6
Security Reference Model
Cambridge University Press
Chapter 6 Security Reference Model
The Security Concern
• Security is one of the topmost concerns of any
computing model, and cloud computing is no exception.
• In cloud computing, consumers are moving from the
traditional in-house computing environment to outside
service providers.
Cloud Computing; Sandeep Bhowmik @ Cambridge University Press 2
• Traditional data centers allow perimeterised (i.e. within the
organization’s own network boundary or perimeter)
access to computing resources.
• Cloud computing promotes de-perimeterisation.
• The traditional concept of a security boundary no longer
applies in cloud computing.
• Cloud computing moves beyond the concept of working
inside a protected network boundary.
• But it poses no security threat that was not already
there in traditional computing.
• Cloud Security Working Groups
  • Many organizations and groups have worked separately on
    developing a cloud security model.
  • Two such bodies are:
    • The Cloud Security Alliance
    • Jericho Forum Group
• The Cloud Security Alliance (CSA)
  • “Security Guidance for Critical Areas of Focus in Cloud
    Computing”, released by CSA in 2009, is considered a vital
    testimonial on cloud computing security.
  • It categorizes cloud security issues into fourteen
    different sections.
• The Jericho Forum Group
  • An international consortium formed with the objective of
    addressing concerns related to the de-perimeterised computing
    environment.
  • They have contributed positively to the development of a cloud
    security framework.
  • Jericho Forum and the Cloud Security Alliance have worked
    together to promote best practices for secure collaboration in
    the cloud.
Elements of Cloud Security Model
• Analyst firm Gartner advises consumers to seek transparency
from service providers on seven specific issues before
moving into the cloud:
  • Privileged user access
  • Regulatory compliance
  • Data location
  • Data segregation
  • Recovery
  • Investigative support
  • Long-term viability
Cloud Security Reference Model
• The cloud computing community and many organizations
working in the field of network security worked for years
to develop a model to address cloud security.
• The Jericho Forum group came up with a model, called the Cloud
Cube Model, to address the security issue.
• This cube model is considered the security reference model
for cloud computing.
The Cloud Cube Model
• The Jericho Forum Group proposed the Cloud Cube Model in 2009,
defining a three-dimensional cube.
• The model was originally created to address the issue of
network de-perimeterisation.
• The model suggests that cloud security should not be measured
only from the narrow perspective of ‘internal’ or
‘external’.
• Many other factors also bear on the issue of security.
• The cloud cube model is designed to represent four
security-related criteria.
• Jericho Forum suggests deciding on these four criteria when
moving to a cloud computing environment:
  • Data Boundary
  • Ownership
  • Security Boundary
  • Sourcing
• These four criteria are represented across different
dimensions of a cube.
• Each of these 4 criteria has 2 possible answers.
• Hence, there can be 4² or 16 different forms of cloud computing
environment.
• Data Boundary
  • Internal (I)
  • External (E)
  • This security dimension represents the physical storage location
    of the organization’s data.
  • It is important to note that an external storage location does not
    necessarily mean less security.
• Data Boundary
  • The Data Boundary dimension divides the entire cube of the
    Cloud Cube model into two parts.
• Ownership
  • Proprietary (P)
  • Open (O)
  • This dimension determines the ownership of the technology
    used for building the cloud.
  • Reputed commercial vendors generally prefer to build services
    using their own proprietary technologies.
  • But this limits interoperability.
• Ownership
  • The Ownership dimension divides the entire cube of the Cloud
    Cube model into two parts.
• Security Boundary
  • Perimeterised (Per)
  • De-perimeterised (D-p)
  • This dimension determines whether to operate inside the
    traditional network security boundary or not.
  • A perimeterised approach enhances security, but prevents
    collaboration.
  • A de-perimeterised system shows the natural intent to collaborate
    with systems outside its own perimeter.
• The Security Boundary dimension divides the entire cube of the
Cloud Cube model into two parts.
• Depending on data boundary (I/E) and ownership (P/O), there
can be four types of cloud formations: IP, IO, EP, EO.
• Each of these forms comes with one of the two architectural
mindsets, Perimeterised or De-perimeterised, as its security
boundary.
• Taken together, there are a total of eight possible cloud formations:
Per (IP, IO, EP, EO) and D-p (IP, IO, EP, EO).
• Sourcing
  • Insourced
  • Outsourced
  • This security dimension indicates who delivers and manages the
    service.
  • If it is provided by the organization’s own (internal) team, then it is
    Insourced.
  • If the service is delivered by a third party, then it is called
    Outsourced.
• Sourcing
  • Insourced cloud services point towards a private cloud.
  • An outsourced service can deliver both public and private cloud.
  • Insourcing a service does not mean better security. The security of
    a cloud service largely depends on the expertise of the delivery
    team.
• Sourcing
  • Sourcing can be either outsourced or insourced for each of the
    eight cloud forms discussed earlier.
  • In Jericho Forum's Cloud Cube Model, this fourth dimension is
    represented by two different colours for painting the cubes.
  • Hence the eight smaller cubes that result from combining the
    first three dimensions can each take either of the two
    colours.
• Jericho Forum's Cloud Cube Model.
• In this model, the top-right-rear E/O/D-p cloud formation is
considered the “sweet spot”, where optimal flexibility and
collaboration can be achieved.
• The bottom-left-front I/P/Per cloud formation is the most
restricted one.
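
Added example (not part of the original slides): the four criteria of the Cloud Cube Model as a small Python data model that validates a formation, parses labels such as E/O/D-p, and enumerates every combination. The names Formation, parse, all_formations, group_by_cube and the INVENTORY workloads are hypothetical and chosen only for illustration.

```python
from dataclasses import dataclass
from itertools import product

# Axis values use the abbreviations given in the slides.
DATA_BOUNDARY = ("I", "E")            # Internal / External
OWNERSHIP = ("P", "O")                # Proprietary / Open
SECURITY_BOUNDARY = ("Per", "D-p")    # Perimeterised / De-perimeterised
SOURCING = ("Insourced", "Outsourced")
AXES = (DATA_BOUNDARY, OWNERSHIP, SECURITY_BOUNDARY, SOURCING)
SWEET_SPOT, MOST_RESTRICTED = "E/O/D-p", "I/P/Per"

@dataclass(frozen=True)
class Formation:
    data: str
    ownership: str
    boundary: str
    sourcing: str

    def __post_init__(self):
        values = (self.data, self.ownership, self.boundary, self.sourcing)
        for value, allowed in zip(values, AXES):
            if value not in allowed:
                raise ValueError(f"{value!r} is not one of {allowed}")

    @property
    def label(self):
        return f"{self.data}/{self.ownership}/{self.boundary}"

    def deployment_models(self):
        # Slides: insourced points to private cloud; outsourced can be either.
        return ("private",) if self.sourcing == "Insourced" else ("public", "private")

def parse(label, sourcing):
    # Accepts a label in the slides' notation, e.g. "E/O/D-p".
    parts = label.split("/")
    if len(parts) != 3:
        raise ValueError(f"expected data/ownership/boundary, got {label!r}")
    return Formation(*parts, sourcing)

def all_formations():
    return [Formation(*combo) for combo in product(*AXES)]

def group_by_cube(workloads):
    groups = {}
    for name, (label, sourcing) in workloads.items():
        groups.setdefault(parse(label, sourcing).label, []).append(name)
    return groups

# Constructed inventory (hypothetical workload names), for illustration only.
INVENTORY = {"payroll": ("I/P/Per", "Insourced"), "partner-portal": ("E/O/D-p", "Outsourced")}
```

Enumerating all_formations() yields the eight cube labels, each in both sourcing colours; group_by_cube(INVENTORY) shows where each workload sits relative to the sweet spot and the most restricted formation.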
Cloud Security against Traditional Computing
• Collaboration is the tune of cloud-based business systems.
• Both consumers and service providers have their share of
responsibilities in ensuring adequate security.
• But, unlike in traditional computing, consumers no longer need to
manage everything starting from the bottom of the stack in
cloud computing.
• Share of security management responsibilities
Cloud Security Management
• Security management responsibilities in cloud by service type
Cloud Security Policy
• Security policies are a set of documents that guide
reliable security implementation.
• A cloud security strategy defines different policies, such as system
security policies, software policies, and information system
policies.
• A cloud computing environment also asks organizations to
maintain some general policies related to security:
  • Management Policy
  • Regulatory Policy
  • Advisory Policy
  • Informative Policy
Trusted Cloud Computing
• Trusted computing is a term that refers to technologies, design
and policies for developing a highly secure and reliable computing
system.
• Trusted cloud computing can be viewed as a way to ensure that
the system acts in a predictable manner, as intended.
• Reputation or trust building is a time-consuming process, and larger
cloud providers have already taken measures to establish this
trust.