The document outlines the CSA Cloud Security Architecture, detailing layers of user security, information security, application security, and platform security, along with responsibilities of users and providers. It also describes a seven-step model for cloud migration and highlights essential cloud contracting models, including SLAs, compliance, and security measures. Additionally, it explains the role of an SLA Assured Cloud Service Broker in managing service requests, performance evaluation, and regulatory compliance.
Cloud computing unit 5
CSA Cloud Security Architecture
• User Security And Monitoring: This layer includes:
  • Identity Services: Authentication, authorization, federation, delegation, and provisioning.
  • Supporting Services: Auditing, super user privilege management.
• Information Security – Data: This layer focuses on:
  • Encryption: Ensuring data is encrypted in transit, at rest, and during processing.
  • Key Management: Managing encryption keys.
  • Access Control Lists (ACL): Managing permissions.
  • Logging: Keeping records of access and changes.
• Application Level Security: This involves securing:
  • Application Stack: The software components that make up an application.
  • Service Connectors: Interfaces that connect services.
  • Database: Data storage and retrieval systems.
  • Storage: Physical or virtual storage solutions.
• Platform And Infrastructure Security: This covers:
  • PaaS Services: Such as NoSQL databases, APIs, message queues, and storage.
  • Guest OS Level: Firewalls, system hardening, security monitoring.
  • Hypervisor/Host-level: Firewalls, security monitoring at the virtual machine monitor level.
  • Network Level: Border Gateway Protocol (BGP), load balancers, firewalls, and security monitoring.

The vertical bar labeled “Your Responsibility” indicates the security aspects that the user or client must manage. The labels “SaaS” and “PaaS” on the right side indicate the types of cloud services where the provider assumes more responsibility for security.

Seven Step Model of Migration into the Cloud
This model is used for migrating data or systems from one operating environment to another, ensuring a structured and efficient transition.
1. Start: The beginning of the migration process where objectives and scope are defined.
2. Test: Early testing of the migration strategy to identify potential issues.
3. Augment: Enhancing the current system to support the migration process.
4. Re-Architect: Modifying the system architecture to fit the new environment.
5. Map: Mapping out the migration path, including dependencies and resources.
6. Isolate: Isolating components to be migrated to minimize impact on existing systems.
7. Administer: Managing the migration process, including monitoring and adjustments.
8. Optimize: After migration, optimizing the system for performance and efficiency.
9. End: The conclusion of the migration process.

CLOUD CONTRACTING MODELS
These models are essential for defining the terms of service, service level agreements (SLAs), compliance with regulations, and the responsibilities of both the cloud service providers (CSPs) and the cloud service users (CSUs).
1. Service Level Agreements (SLAs):
   1. SLAs are critical components of cloud contracts that specify the performance and quality metrics that the CSP must meet.
   2. They include details on uptime guarantees, data protection standards, and remedies for service failures.
2. Compliance and Legal Issues:
   1. Contracts must address compliance with relevant laws and regulations, such as data protection laws (e.g., GDPR).
   2. They should also cover jurisdictional issues, especially when CSPs and CSUs are in different countries.
3. Terms of Service:
   1. The terms of service outline the usage policies, including acceptable use, data ownership, and intellectual property rights.
   2. They also detail the subscription models, pricing, and payment terms.
4. Security and Privacy:
   1. Contracts should clearly define the security measures that the CSP will implement to protect CSUs’ data.
   2. Privacy terms must specify how user data will be handled, shared, and protected.
5. Exit Strategies:
   1. Cloud contracts should include terms regarding the termination of services, data retrieval, and transition support for CSUs moving to another provider or back in-house.
6. Provider Analysis:
   1. Before entering into a contract, CSUs often conduct a thorough analysis of the CSP’s service offerings, performance history, and regulatory compliance status.
7. Negotiation and Customization:
   1. Depending on the bargaining power and specific needs of the CSU, cloud contracts can sometimes be negotiated and customized.
8. Heat Map Table:
   1. Some analyses visualize the regulatory compliance status of CSPs in a sorting table, known as a Heat Map table, which provides a clear picture of the CSPs’ adherence to contractual obligations.

SLA Assured Cloud Service Broker
1. Service User Interface: Users (User1, User2, User3) interact with the system through this interface to make service requests.
2. Cloud Service Provider Interface: CSPs (CSP1, CSP2, CSP3) are connected to the system, offering their services which are bound by Service Level Agreements (SLAs).
3. Service Requirement Analysis: The broker analyzes the requirements of the users’ requests.
4. Service Discovery: The broker searches for services that match the users’ requirements.
5. Service Repositories: A database where the details of available services are stored and managed.
6. Service Monitoring: The broker monitors the performance of the services provided by CSPs.
7. Service Performance Evaluation: The broker evaluates the performance of the services against the users’ requirements.
8. Sorting and Ranking: The broker sorts and ranks the services based on their performance evaluation.
9. Service Verification: The broker verifies the services to ensure they meet the required standards.
10. SLA Assured Cloud Service Broker: This is the main component that orchestrates the entire process, ensuring that the services adhere to the agreed SLAs.
11. Service Performance Pattern Analysis: The broker analyzes the performance patterns of the services.
12. Service Performance Pattern Prediction: The broker predicts future performance patterns of the services.
13. Optimum Set of Solutions: The broker identifies the best set of service solutions for the users.
14. Regulatory Compliance Analysis: The broker analyzes the services to ensure they comply with relevant regulations.
15. Legal Experts: They review the broker’s recommendations to ensure they are legally sound.
16. Service Recommendation: The final recommendation of services to the users, which have been assured by the SLA broker and vetted by legal experts.
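
The broker flow listed above (service discovery, performance evaluation against the SLA, regulatory compliance analysis, sorting and ranking) can be sketched in Python. This is an added example, not part of the original notes; the `Offer` and `Requirement` fields, the SLA thresholds, and the monitoring samples are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Offer:  # service repository entry; all values below are constructed
    csp: str
    sla_uptime: float       # percent uptime promised in the SLA
    sla_latency_ms: float   # latency ceiling promised in the SLA
    regions: set
    regulations: set        # regulations the CSP attests to

@dataclass
class Requirement:  # result of service requirement analysis
    min_uptime: float
    max_latency_ms: float
    region: str
    regulations: set

REPOSITORY = [
    Offer("CSP1", 99.9, 100, {"eu", "us"}, {"GDPR"}),
    Offer("CSP2", 99.9, 150, {"eu"}, {"GDPR"}),
    Offer("CSP3", 99.95, 80, {"eu", "us"}, set()),
]
# Service monitoring: (measured uptime %, measured latency ms) per period
MONITORING = {
    "CSP1": [(99.95, 80), (99.97, 85), (99.96, 78)],
    "CSP2": [(99.99, 120), (99.20, 140), (99.90, 130)],
    "CSP3": [(99.99, 60), (99.98, 65), (99.99, 62)],
}

def discover(req, repo):
    """Service discovery: offers whose SLA terms cover the requirement."""
    return [o for o in repo if o.sla_uptime >= req.min_uptime
            and o.sla_latency_ms <= req.max_latency_ms and req.region in o.regions]

def evaluate(offer, samples):
    """Performance evaluation: share of monitored periods that met the SLA."""
    met = [u >= offer.sla_uptime and l <= offer.sla_latency_ms for u, l in samples]
    return sum(met) / len(met)

def recommend(req, repo=REPOSITORY, monitoring=MONITORING):
    """Return [(csp, sla_score)] best first, after compliance filtering."""
    ranked = []
    for o in discover(req, repo):
        samples = monitoring.get(o.csp, [])
        # Fail closed: drop offers lacking compliance evidence or monitoring data.
        if not req.regulations <= o.regulations or not samples:
            continue
        ranked.append((o.csp, evaluate(o, samples)))
    return sorted(ranked, key=lambda r: r[1], reverse=True)
```

Ranking on measured adherence rather than on the promised SLA figures is what separates CSP1 from CSP2 here: both promise 99.9% uptime, but CSP2 missed it in one monitored period.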