Building Customer Trust in Cloud Computing with Transparent Security精品.pdf

BUILDING CUSTOMER TRUST IN CLOUD COMPUTING WITH TRANSPARENT SECURITY White Paper November 2009 Abstract Potential users of cloud services often fear that cloud providers’ governance is not yet mature enough to consistently and reliably protect their data. As the trend toward cloud-based services continues to grow, it has become clear that one of the key barriers to rapid adoption of enterprise cloud services is customer concern over data security (confidentiality, integrity, and availability). This paper introduces the concept of transparent security and makes the case that the intelligent disclosure of security design, practices, and procedures can help improve customer confidence while protecting critical security features and data, thereby improving overall governance. Readers will learn how transparent security can help prospective cloud computing customers make informed decisions based on clear facts. For the purpose of discussion and debate, a model leveraging the ISO 27000 series standards is presented as a commonly understood framework for disclosure. 2 Building Customer Trust in Cloud Computing with Transparent Security Sun Microsystems, Inc.Sun Microsystems, Inc. Table of Contents Introduction3 Governance, Security, and Transparency 5 Transparency as a Basis For Informed Decision Making 8 What is Transparent Security? 9 Transparent Security Principles 10 Standards as a Means to Transparency and Assurance 11 Security Control Objectives 12 Primary Benefits of a Standards-based Approach 13 Conclusion 14 For More Information 15 Appendix A—NIST Definition of Cloud Computing 16 Definition of Cloud Computing 16 Essential Characteristics 16 Service Models 17 Deployment Models 18 Appendix B—Overview of ISMS 19 Step 1—Establish the ISMS 19 Step 2—Implement and Operate the ISMS 20 Step 3—Monitor and Review the ISMS 20 Step 4 — Maintain and Improve the ISMS 21 Appendix C—Le