Resource Center

5 Requirements for Cloud

Assuring Provider Protection Assuring Provider Protection

There are four assurance levels with cloud provider protection, from the lowest, bronze, to the highest, platinum, which is equivalent to military security. Managing risks in interacting with cloud providers requires a process to provide an appropriate assurance level. While a cloud provider may support many levels of assurance, it is the cloud subscriber’s responsibility to evaluate its risk appetite and determine the appropriate level of security required. This evaluation may be done by the cloud subscriber when choosing a particular cloud provider, when selecting a security assurance level, or as part of the negotiation between the cloud subscriber and cloud provider.

Monitoring Input/Output Controls Monitoring Input/Output Controls

Through the use of sufficient monitors, cloud subscriber consumption of I/O and cloud provider ability to provide I/O can be balanced appropriately. Ideally, the applications and workloads that a cloud subscriber submits to the cloud would be closely matched to the appropriate multi-tenant environment where the impact of the workload would not cause issues for other tenants, and where other tenants’ workloads would not constrain the throughput and latency requirements of their cloud neighbors.

Supporting Virtual Machines Supporting Virtual Machines

Determine if a move/migration of a VM of a cloud subscriber from one cloud provider to another, or to a different hypervisor within the same cloud provider, is possible, and the potential limitations for the move, such as, “Can the move/migration be live?” An understanding of all of the requirements for moving between hypervisors and cloud providers should be clearly detailed.

Requiring Cloud Security Monitoring Requiring Cloud Security Monitoring

Security monitoring should include: patch management and version control APIs with audit/query function; identity management services and APIs for consolidation and federation of access control; API for import/export to cloud subscriber log systems from cloud SIEM systems; audit/query APIs for platform attributes; cryptographic key management APIs; facilities and resource management APIs for dynamic data and access to static and offline data; “peer service” monitor APIs to verify that cloud subscriber workload is not on shared resources with specific list of blacklisted peers or being negatively impacted by oversubscribing peer service; network traffic and threat analysis services and APIs for controlling and reporting on the infrastructure to mitigate malware and denial-of-service attacks.

Becoming Carbon Aware Becoming Carbon Aware

The carbon footprint is not expected to be a 100 percent accurate or deterministic figure. To measure everything can be very expensive, in both financial and environmental terms. There is likely to be a need for some degree of approximation, which should be indicated. In addition, values and associated costs are expected to vary between providers of cloud services for reasons such as: • energy efficiency of hardware used • settings of hardware and systems software, including the degree of virtualization and efficiency of its management • ambient environmental conditions (e.g., Nordic vs. Mediterranean) • efficiency of data center infrastructure and housing (i.e., PUE) • source of electricity used (e.g., coal vs. nuclear from grid, local generators) • carbon offsetting and trading options deployed • national or regional regulation or tax arrangements

For more on cloud computing ... For more on cloud computing ...

To download the usage models, click here.
For more on cloud computing from Information-Management.com and our sister site, Cloud Computing Exchange, click here.
All images aside from ODCA logo used with permission from ThinkStock.

Open Data Center Alliance, an independent consortium of IT groups, recently released five new usage models on requirements for cloud computing. Here are highlights from the usage models geared toward cloud security, automation and transparency.

 

Please note you must now log in with your email address and password.