Private Virtual Infrastructure proposed to address cloud security issues

By Mark Brownstein, Contributor
08 Jul 2009 | SearchCloudComputing.com

SAN DIEGO - The security of a company's data when communicating over a cloud was a major topic in a number of papers presented at the HotCloud '09 workshop held at the recent USENIX conference. One of them, "Private Virtual Infrastructure for Cloud Computing", presented by F. John Krautheim from the University of Maryland, Baltimore County, proposed an approach that the author calls a Private Virtual Infrastructure.

The privacy and security issues that concern enterprises, schools and organizations wanting to take advantage of cloud computing were addressed in other papers given at the workshop, a few of which are further discussed here (CloudNet and Trusted Cloud Computing).

The approach presented by Krautheim implements what he calls a Private Virtual Infrastructure (PVI). A PVI is described as a "virtual datacenter [sic] over the existing cloud infrastructure." The data center is "under the control of the information owner," the paper says, while the fabric is under the control of the operator of the cloud service.

Both the client and the service provider are required to share certain types of security information, and service level agreements (SLAs) can further define the roles and responsibilities of all parties in the agreement. The paper proposed that every service in the cloud must be able to report security properties, and that the properties must be cryptographically bound and signed.

Five basic tenets are described as essential to cloud security:

  • A trusted foundation on which to build a PVI must exist.
  • A 'secure factory' must be provided to provision the PVI. This 'factory' will also serve as a policy decision point and root authority for PVI.
  • A measurement mechanism should be provided to validate the security of the fabric before provisioning the PVI. Krautheim refers to this as a secure factory.
  • Secure methods for shutdown and destruction of virtual devices in a PVI should be in place to prevent object reuse attacks.
  • The PVI should be continuously monitored both from within and from outside of the PVI, using intrusion detection and other devices.
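
As an added illustration (not code from the paper or from this article), the sketch below shows how a provisioning step could refuse to build a PVI unless the fabric presents a security-properties report that is cryptographically bound to the reporting service and passes the owner's policy. The key, property names, nonce scheme and function names are assumptions; HMAC-SHA256 stands in for the signature a real deployment would make with an asymmetric key.

```python
import hashlib
import hmac
import json

# Assumption: key shared by the provisioning factory and the fabric's reporting
# agent. HMAC is a stand-in for a real (asymmetric) signature.
REPORT_KEY = b"constructed-demo-key"

# Hypothetical policy the information owner requires of the fabric.
REQUIRED = {"hypervisor_patched": True, "disk_encryption": True}

def _canonical(service_id, nonce, properties):
    # Deterministic encoding binds the properties to one service and one request.
    body = {"service": service_id, "nonce": nonce, "properties": properties}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_report(service_id, nonce, properties, key=REPORT_KEY):
    """Fabric side: report security properties with an integrity tag."""
    msg = _canonical(service_id, nonce, properties)
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"service": service_id, "nonce": nonce,
            "properties": properties, "tag": tag}

def may_provision(report, expected_service, expected_nonce, key=REPORT_KEY):
    """Factory side: return (decision, reason) before any provisioning happens."""
    try:
        msg = _canonical(report["service"], report["nonce"], report["properties"])
        tag = str(report["tag"]).encode()
    except (KeyError, TypeError):
        return False, "malformed report"
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    if report["service"] != expected_service:
        return False, "wrong service"
    if report["nonce"] != expected_nonce:
        return False, "stale report"  # replayed or answered a different request
    props = report["properties"] if isinstance(report["properties"], dict) else {}
    failed = sorted(k for k, v in REQUIRED.items() if props.get(k) != v)
    if failed:
        return False, "policy: " + ",".join(failed)
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample input.
    r = make_report("fabric-node-1", "n-001",
                    {"hypervisor_patched": True, "disk_encryption": True})
    print(may_provision(r, "fabric-node-1", "n-001"))
```
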

The paper goes into detail regarding each of the five tenets listed above. Krautheim argues that service providers who offer a transparent view of their infrastructures so that customers can understand the vendor's security posture will have a competitive advantage over vendors who obscure their security structure's inner workings.

"In the end, cooperation between vendor and customer will result in increased security while lowering the overall cost of ownership for IT infrastructure," the paper concludes.
