In the Cloud – The Need for Trust

August 25, 2017

All people, processes, and technology must have declared and transparent levels of trust for any transaction to take place.

  • Trust in this context is establishing understanding between contracting parties to conduct a transaction, and the obligations this assigns on each party involved.
  • Trust models should encompass people, organizations, devices, and infrastructure.
  • Trust level may vary by location, transaction type, user role, and transactional risk.
  • Mutual trust assurance levels must be determinable.
  • Devices and users must be capable of appropriate levels of (mutual) authentication for accessing systems and data.
  • Authentication and authorization frameworks must support the trust model.

Identity, Management, and Federation

Authentication, authorization, and accountability must interoperate with, and be exchangeable across, systems outside your locus / area of control.

  • People / systems must be able to manage permissions of resources and rights of users they don’t control.
  • It must be possible to trust an organization that can authenticate individuals or groups, thus eliminating the need to create separate identities.
  • In principle, only one instance of person / system / identity may exist, but privacy necessitates the support for multiple instances, or one instance with multiple facets.
  • Systems must be able to pass on security credentials / assertions.
  • Multiple locations (areas) of control must be supported.
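The two sections above (trust levels that vary by transaction and mutual assurance on one hand, credentials / assertions passed across areas of control on the other) can be shown in one small exchange. The following is an added example, not part of the original post: an identity provider in one area of control signs an assertion stating who authenticated and how strongly (user and device level), and a relying party in another area of control verifies it against its own trust registry, caps the assurance at what it is willing to accept from that issuer, and then checks the result against the level each transaction type requires. The issuer names, shared keys, assurance scale and transaction table are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed trust registry for this relying party: each external area of control
# (issuer) it trusts, the shared key used to verify that issuer's assertions, and the
# highest assurance level it will accept on that issuer's say-so. Hypothetical values.
TRUSTED_ISSUERS = {
    "idp.partner.example": {"key": b"partner-shared-secret", "max_assurance": 2},
    "idp.corp.example":    {"key": b"corp-shared-secret",    "max_assurance": 3},
}

# Assurance level each transaction type requires (hypothetical scale:
# 0 = anonymous, 3 = strong user and device authentication).
REQUIRED_ASSURANCE = {
    "read_public": 0,
    "read_internal": 1,
    "approve_payment": 3,
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(issuer, key, subject, user_level, device_level, now=None, ttl=300):
    """Identity provider side: sign a statement of who authenticated and how strongly."""
    now = time.time() if now is None else now
    claims = {
        "iss": issuer, "sub": subject,
        "user_level": user_level, "device_level": device_level,
        "iat": now, "exp": now + ttl,          # assertions are time-bounded
    }
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_assertion(token, now=None):
    """Relying party side: issuer must be trusted, signature valid, assertion unexpired."""
    now = time.time() if now is None else now
    body, _, sig = token.rpartition(".")
    if not body:
        raise ValueError("malformed assertion")
    # Claims are decoded only to find the issuer's key; nothing is acted on before the
    # signature has been checked.
    claims = json.loads(_unb64(body))
    issuer = TRUSTED_ISSUERS.get(claims.get("iss"))
    if issuer is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(issuer["key"], body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    if now >= claims["exp"]:
        raise ValueError("expired assertion")
    return claims


def effective_assurance(claims):
    """Mutual assurance is the weakest of user level, device level, and the issuer ceiling."""
    cap = TRUSTED_ISSUERS[claims["iss"]]["max_assurance"]
    return min(claims["user_level"], claims["device_level"], cap)


def authorize(token, transaction, now=None):
    """Allow the transaction only if the determinable assurance meets what it requires."""
    claims = verify_assertion(token, now)
    return effective_assurance(claims) >= REQUIRED_ASSURANCE[transaction]


if __name__ == "__main__":
    tok = issue_assertion("idp.partner.example", b"partner-shared-secret", "alice", 3, 3)
    print("partner user, read_internal:", authorize(tok, "read_internal"))
    print("partner user, approve_payment:", authorize(tok, "approve_payment"))
```

The point the example makes is that the relying party never has to manage the partner's users itself: it trusts the partner organization to authenticate them, and it keeps control by deciding how much of that authentication it will credit and what each transaction needs.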

Access to Data

Access to data should be controlled by security attributes of the data itself.

  • Attributes can be held within the data (DRM / metadata) or could be a separate system.
  • Access / security could be implemented by encryption.
  • Some data may have “public, non-confidential” attributes.
  • Access and access rights have a temporal component.
  • Data privacy (and security of any asset of sufficiently high value) requires a segregation of duties / privileges.
  • Permissions, keys, privileges, etc. must ultimately fall under independent control, or there will always be a weakest link at the top of the chain of trust.
  • Administrator access must also be subject to these controls.
  • By default, data must be appropriately secured when stored, in transit, and in use.
  • Removing the default must be a conscious act.
  • High security should not be enforced for everything; “appropriate” implies varying levels with potentially some data not secured at all.
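To make the data-centric model above concrete, here is an added example (not part of the original post) in which each data object carries its own security attributes and every access decision is derived from those attributes alone: a reader attribute, a validity window (the temporal component), a dual-control flag (segregation of duties), a secure-by-default classification, and an explicit, recorded act to remove that default. No role is exempt, so an "admin" role that is not in the data's reader attribute is refused like any other. The object model, role names and audit log are constructed for illustration; times are plain seconds-since-epoch floats.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class DataObject:
    """A data item that carries its own security attributes (constructed model)."""
    name: str
    owner_org: str
    readers: Set[str] = field(default_factory=set)   # roles the data itself admits
    classification: str = "confidential"             # secured by default
    valid_until: Optional[float] = None              # temporal component (epoch seconds)
    dual_control: bool = False                       # needs a second, independent person


@dataclass
class Request:
    principal: str
    roles: Set[str]
    now: float
    approver: Optional[str] = None   # second person required for dual-control data


# Record of conscious acts that weaken protection; constructed in-memory stand-in
# for a real audit trail.
AUDIT: List[str] = []


def make_public(obj: DataObject, actor: str) -> None:
    """Removing the default protection is a deliberate act and is always recorded."""
    AUDIT.append(f"{actor} declassified {obj.name} to public")
    obj.classification = "public"


def decide(obj: DataObject, req: Request) -> Tuple[bool, str]:
    """Evaluate access purely from the data's attributes; no principal is special-cased."""
    if obj.classification == "public":
        return True, "public, non-confidential attribute"
    if obj.valid_until is not None and req.now > obj.valid_until:
        return False, "access window has closed"
    if not (req.roles & obj.readers):
        return False, "no role in the data's reader attribute"
    if obj.dual_control and (req.approver is None or req.approver == req.principal):
        return False, "dual control requires a distinct approver"
    return True, "granted by data attributes"


if __name__ == "__main__":
    t0 = 1_503_619_200.0   # constructed reference time
    payroll = DataObject("payroll.csv", "corp", readers={"hr"},
                         valid_until=t0 + 30 * 86400, dual_control=True)
    print(decide(payroll, Request("alice", {"hr"}, t0)))
    print(decide(payroll, Request("alice", {"hr"}, t0, approver="bob")))
    print(decide(payroll, Request("root", {"admin"}, t0, approver="bob")))
```

Because the policy lives with the data rather than with the system that happens to hold it, the same decision logic applies wherever the object travels, and the only way to get an unprotected object is to call `make_public`, which leaves a trace.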