With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of each cloud service configuration is coming... See full abstract

With the increasing maturity of various cloud service delivery models (Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)) and deployment models (Private, Community, Public, Hybrid), the security risk profile of each cloud service configuration is coming into focus. In this paper, we take up the example of a Public Infrastructure as a Service (Iaas) cloud provider who provides storage and computing services through a data center with a virtualized infrastructure. In order to provide the needed security assurance for its IaaS cloud offering, the cloud provider needs to implement various security measures as part of the infrastructure configuration. A precursor to developing security measures is a comprehensive security policy. Now these policies are directly related to the features and functions that the IaaS cloud provider provides as part of its offering. The focus of this paper is to illustrate an approach for derivation of security policies for the virtualized infrastructure used by an IaaS cloud provider based on its service feature set.
Hide full abstract