cloud computing security v1.2

1

A Layered Security Approach for Cloud Computing InfrastructureDr. Mehmet YildizCertified Executive IT Architect IBM Australia and New ZealandMelbourne, Australia

I-SPAN09 – IASM

Proposed Abstract: This paper introduces a practical security model based on key security considerations by looking at a number of infrastructure aspects of Cloud Computing such as SaaS, Utility, Web, Platform and Managed Services, Service commerce platforms and Internet Integration which was introduced with a concise literature review. The purpose of this paper is to offer a macro level solution for identified common infrastructure security requirements. This model with a number of emerged patterns can be applied to infrastructure aspect of Cloud Computing as a proposed shared security approach in system developmentlife cycle focusing on the plan-built-run scope.

A/Prof Jemal AbawajySchool of Engineering and Information Technology, Deakin UniversityMelbourne, Australia

A/Prof Tuncay ErcanFaculty of EngineeringDepartment of Computer Engineering, Yaşar University, Izmir, TURKEY

10th International Symposium on Pervasive Systems, Algorithms, and Networks

Mr. Andrew BernothSenior IT Architect and Security SME in IBM Australia and New ZealandMelbourne, Australia

2

IASM ���

Agenda

-Methodology

-Dynamic Security model for cloud infrastructure

-Conclusion

-Introduction

3

IASM ���

Cloud Computing Trends in Google

4

IASM ���

Cloud Computing Trends by Gartner

5

IASM ���

Dynamic Infrastructure Security Model

1. Vertical Configuration Minimum Level

2. Vertical Configuration Maximum Level

3. Network Policy Configuration

4. Storage Policy Configuration

5. Servers Policy Configuration

6. Systems Management Policy Configuration

7. Application Policy Configuration (Excluded

8. Enterprise Security Principles

6

IASM ���

Conclusion of paper

- A well established dynamic security model for the infrastructure of cloud computing solution is essential.

-The dynamic model introduced in this paper offers a horizontallyand vertically configurable and policy based security approach covering all known security issues in a typical implementation of Cloud infrastructure

-Applying dynamic security policies using automated tools and processes contribute to the security of cloud computing in a positive manner: i.e.

-cost, -systems management-end user satisfaction.