Cloud Integration Project Update

posted 1 Nov 2016, 07:07 by Lee Newcombe

As I’ve blogged previously, we have a number of research projects currently underway under the auspices of the UK Chapter.    One of those projects relates to cloud integration.    The cloud integration project is being led by John Arnold and John has kindly produced the below text as an example of where that project is heading.

 Issues involved in cloud integration

 1.      Identity.  Users (both privileged and end users) need to access cloud services as easily as on-premises services.  Ideally, we need to achieve the following:

-        Single administration – users don’t need to be administered separately for each cloud service.  Privileges in cloud based services can be accessed by mapping to a common identity store.

-        Single credential – users don’t need to manage their credentials separately for each cloud service

-        Single session – users don’t need to log on separately for each cloud service.

2.      Security monitoring.  The enterprise SOC needs to receive feeds from cloud services just as it does from on-premises services.  The enterprise will need to be able to adjust and define the feeds it gets, where they are sent, and how any transfer is scheduled and protected.

3.      Infrastructure and application monitoring and control.  The enterprise needs to be able to manage its cloud-based applications and infrastructure in the same way as its on-premises resources.

4.      Provisioning.  Spinning up and down instances, allocating VM images, containers and filesystems, needs to work seamlessly across cloud-based and on-premises services.

5.      Inter-application communications.  On premises and cloud based services need to be able to communicate seamlessly and securely.

6.      Security policies.  Where security policies can be virtualised, for instance using the XACML standard, these should be uniform across cloud and on-premises services.

If you have expertise in any of the above areas or have an opinion that you’d like to contribute to the project then please don’t hesitate to get in touch with me at lee.newcombe at my cloudsecurityalliance.org.ukemail address and I’d be delighted to put you in touch with John and his workstream colleagues.     

Our aim for all of our research projects is to provide pragmatic, proven guidance tailored for UK cloud consumers: the more input we get from experienced cloud adopters, the more effective our guidance will be.  

Comments