Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Access cloud service models' and providers' security context

Expert John Overbaugh discusses cloud service models and security issues in the Software, Platform and Infrastructure models.

Knowing the security context for each type of cloud service gives an enterprise security architect the starting point for evaluating cloud providers, according to John Overbaugh, Caliber Security Partners' managing director of security services. Evaluating different cloud service models' shared responsibility models, as well as each cloud provider's data classification approaches and privacy policies are essential first steps in selecting a type of cloud and an individual cloud provider.

In this podcast, Overbaugh discusses cloud service models and lays out security issues in the three Software, Platform and Infrastructure (SPI) models: infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS). In each model, the security administration responsibilities of the customer and those of the provider differ substantially, with more responsibility placed upon the customer in IaaS than PaaS. When choosing PaaS, however, the enterprise security architect must vet the tools the provider offers and the provider's infrastructure security.

Check that a cloud provider's system for data classification, or categorization of data for effective use, bears similarities to the enterprises, Overbaugh advises. If the enterprise categorizes data by, say, topical content, file size and creation date, so should the provider. Conduct a data classification assessment that covers the provider's network topology, workflows and data flows and systems hardware and software. The main goal is determining if the provider's data storage system makes it easy to find the enterprise data that would be deployed there.

Jan Stafford plans and oversees strategy and operations for TechTarget's Application Development Media Group. She has covered the computer industry for the last 20-plus years, writing about everything from personal computers to operating systems to server virtualization to application development.

Dig Deeper on Cloud computing security

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Which cloud service models are you most comfortable working with?