– SAAS
- Data security: data resides outside the enterprise boundary. Need to encrypt and limit
access.
- Network security: data flow needs to be secure
- Data locality: sometimes data cannot leave the country; jurisdiction disputes
- Data integrity: database constraints and transactions / atomicity, consistency, isolation,
durability
- Data segregation: because of multi-tenancy
- Data access: the service must be able to incorporate specific policies put forward by the
customer organisation.
- Authentication & authorisation: managing user access
- Data confidentiality: depends on the ToU; may depend on location; may have more than
one legal location with different consequences; difficult to assess (grasp)
- Web application security: must be managed over the web: application-level measures are
needed; vulnerability to SQL attacks;
- Data breaches: insiders
- Vulnerability in virtualisation: guest environment ↔ host system
- Availability: resilience to attacks
- Backup:
- Identity MGMT – IdM; Independent IdM stack: everything is stored by SaaS; Credential
synchronisation (replication); Federated IdM
- PAAS
- IAAS
Public;
Private / community;
Hybrid
- Hayes (2008): using third-party service providers raises weird questions about ownership
and control
Conclusion
- Main issues:
1) power efficiency
2) privacy & security
3) SLA (service-level agreements)
LECTURE
- COMPAQ
- Cloud deployment:
1. Private
2. Community
3. Public
4. Hybrid
– Determined by: provider and location (where does the data reside?); controller of the
virtualisation software that generates and manages the virtual machines; config, support, and
maintenance of the infrastructure, effectively who is responsible when something goes
wrong.
– PRIVATE
1. infrastructure is for the exclusive use of an enterprise and its business units
2. may be managed internally or by a third-party organisation
3. could be a mixture
4. infrastructure could be located on or off premises
– COMMUNITY
– PUBLIC
– HYBRID
- IAAS
- PAAS
- SAAS
- Provider responsible for two bottom levels of security: data storage security and data
transmission security. The customer is responsible for application security and issues related to
third-party resources.
- Key points:
- hard to know where the data is bouncing around.
- low control
- legal & compliance issues across different countries