The security of an organization is characterized by the efficiency and completeness of the security controls it implements, and by its ability to adjust them to the risks it faces. These controls are implemented in one or more layers, ranging from the premises and equipment (physical security), through the network infrastructure (network security) and the IT systems (system security), all the way to how information and applications are managed (application security).
Controls are also implemented at the management level (people and process), for example to separate responsibilities. How security responsibility is divided between supplier and consumer depends on the cloud service model. For example, with an IaaS service such as Amazon EC2, the vendor's security responsibilities extend up to virtualization, which means the vendor can only address controls such as physical security, environmental security and virtualization security. Consumers, in turn, are responsible for the security controls related to the IT systems (installation and deployment), including operating systems, applications and data.
The opposite is true for SaaS services such as the customer resource management (CRM) offering from Salesforce.com. Since Salesforce.com offers the entire "stack", the supplier is responsible not only for the environmental and physical security controls, but must also address the security controls for the infrastructure, applications and data. This greatly reduces the consumer's direct operational responsibility.
One of the advantages of cloud computing is cost efficiency, gained through economies of scale, reuse and standardization. To achieve this, cloud providers must offer services sufficient to serve the largest possible customer base, maximizing their market. However, integrating security into these solutions is often perceived as making them "rigid". Understanding how the service models differ and how they are deployed is very important for managing an organization's risk posture.
Beyond architecture, the CSA guidance covers 13 other important areas that highlight the areas of focus in cloud computing. They are tuned to address both the strategic and the tactical security "vulnerable points" within a cloud environment, and can be applied to any combination of cloud service and deployment models. The areas are divided into two major categories: executive and operational. The executive areas have a broader scope and address strategic and policy issues within a cloud computing environment, while the operational areas focus on tactical security concerns and deployment within the architecture.
Security controls in cloud computing are not much different from the security controls in any other IT environment. However, because cloud services are "rented" rather than owned, the operating models and technologies used to deliver them can create new risks compared to traditional IT solutions.