Advances, Systems and Applications

Table 1 Summary of CSA security frameworks

From: A quantitative analysis of current security concerns and solutions for cloud computing

Framework | Objectives | Structure and comments

CSA Guidance
  Objectives:
  • Recommendations for reducing risks
  • No restrictions regarding specific solutions or service types
  • Guidelines not necessarily applicable for all deployment models
  • Provide an initial structure for dividing research efforts
  Structure and comments:
  • One architectural domain
  • Governance domains: risk management, legal concerns, compliance, auditing, information management, interoperability and portability
  • Operational domains: traditional and business security, disaster recovery, data center operations, encryption, application security, identification, authorization, virtualization, security outsourcing
  • Emphasis on the fact that cloud is not bound to virtualization technologies, though cloud services heavily depend on virtualized infrastructures to provide flexibility and scalability

CSA Top Threats
  Objectives:
  • Provide context for risk management decisions and strategies
  • Focus on issues which are unique or highly influenced by cloud computing characteristics
  Structure and comments:
  • Seven main threats:
    - Abuse and malicious use of cloud resources
    - Insecure APIs
    - Malicious insiders
    - Shared technology vulnerabilities
    - Data loss and leakage
    - Hijacking of accounts, services and traffic
    - Unknown risk profile (security obscurity)
  • Summarizes information on top threats and provides examples, remediation guidelines, impact caused and which service types (based on SPI model) are affected

CSA Architecture
  Objectives:
  • Enable trust in the cloud based on well-known standards and certifications allied to security frameworks and other open references
  • Use widely adopted frameworks in order to achieve standardization of policies and best practices based on already accepted security principles
  Structure and comments:
  • Four sets of frameworks (security, NIST SPI, IT audit and legislative) and four architectural domains (SABSA business architecture, ITIL for services management, Jericho for security and TOGAF for IT reference)
  • Tridimensional structure based on premises of cloud delivery, trust and operations
  • Concentrates a plethora of concepts and information related to services operation and security

  1. Table summarizing information related to CSA security frameworks (guidance, top threats and TCI architecture).