Cloud Services Security Architecture, Summaries for Network security

Service focused Security Architecture

Cloud Security Services Architecture

Version 1.2 (March 1, 2011)


1. Application-specific Identity/Authentication Service

2. Application-specific Authorization/Access Control Service

3. Provisioning Service (Identity & Access Data)

4. Vulnerability Assessment (Code Reviews)

Virtual Machines

1. Virtual Firewall

2. Anti Malware

3. VM Configuration APIs (CPU, Memory, O/S choices)

4. Secure VM Access (VPN, SSH)


1. Virtual Networking (VLAN – for Virtual Network Isolation (e.g., Prod, Dev, etc.))

2. Console Protection

3. VM Management APIs (Portability, State Control)

Operating System

1. Patch Management

2. Anti Malware

Hardware (Server)

1. (Host-based) IPS/IDS

2. Secure Hardware (e.g., TPM)

Hardware (Storage) & Data

1. Data (at rest) Encryption

2. Key Management

3. Media Protection

4. Security for Data (Block) Level APIs & File APIs

5. Data Loss Prevention

6. Data Privacy Services (Retention, Destruction)

7. Data Backup, Restore, Archival and Preservation Services


1. Secure Remote Access (VPN, RADIUS)

2. Network-based Authentication (Single Sign-on) & Authorization (using Directories)

3. Isolation/Network Segmentation (Firewall, DMZ)

4. Intrusion Prevention/Intrusion Detection (IPS/IDS)

5. Secure Transport Services (TLS, IPSec)

6. Secure Messaging (Encrypted, Signed)

7. Secure Discovery Service (DNSSEC)

As an Independent (External) Service

1. Federated Identity/Authentication Service

Multi-layer Security Services

1. Securing Management/Monitoring APIs

2. Audit (System Access, Transaction, Data)

3. Load Balancing/Failover Service (for improving availability)

4. Incident Handling/Response

5. Forensics
