Trusted Cloud Initiative Work Group Session. Architecture Focus Areas. High Level Use Cases.
Principles
• Define protections that enable trust in the cloud.
• Develop cross-platform capabilities and patterns for proprietary and open-source providers.
• Will facilitate trusted and efficient access, administration and resiliency to the customer/consumer.
• Provide direction to secure information that is protected by regulations.
• The Architecture must facilitate proper and efficient governance, identification, authentication, authorization, administration and auditability.
• Centralize security policy, maintenance operation and oversight functions.
• Access to information must be secure yet still easy to obtain.
• Delegate or Federate access control where appropriate.
• Must be easy to adopt and consume, supporting the design of security patterns.
• The Architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms.
• The Architecture must address and support multiple levels of protection, including network, operating system, and application security needs.
Goals
• Use the breadth of the Cloud Security Alliance
• Adjacent initiatives will be a focus for the TCI mandate
• Built upon “pillars” from the Cloud Security Alliance
• Provide an end-to-end security specification for cloud security
• Use the depth of the Cloud Security Alliance membership
• Members have credibility from the top of the application to the “bare metal”
• GRC and interoperability
• Enable a vendor-neutral reference architecture specification
• All vendor products that enable an end-to-end security platform will be used
• Provide an exemplary reference set of implementations
• Global examples so that any country can implement the architecture to their requirements
• Show examples of standards and how they can be implemented across products
• Open source initiative
• Where the TCI supports implementation under its direction, the implementation is open source

Note: The TCI Reference Architecture is not the same as the Cloud Computing Architectural Framework (Domain 1 of the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1).
Holistic Approach to Controls...
[Figure: CSA Controls Matrix]

… And Architecture Best Practices
[Figure: CSA Controls Matrix]
Reference Model Structure
• Presentation Services
• Security and Risk Management (Jericho)
• Business Operation Support Services (SABSA)
• Information Technology Operation & Support (ITIL)
• Application Services
• Information Services
• Infrastructure Services (TOGAF)
How to Use the Architecture
[Figure labels: Presentation, BOSS, ITOS, SRM, Application, Information, Infrastructure; Security Framework and Patterns; CSA Controls Matrix; CSA Consensus Assessment; Reference Architecture]