Security Use Case example for an Insurance scenario

drus...@ca.ibm.com

Dec 11, 2009, 8:32:49 AM
to Open Cloud Manifesto
We have been talking about what is required for security in the cloud
in the Cloud Computing Use Cases White Paper
(http://groups.google.com/group/cloud-computing-use-cases) discussion
group. It is now time to start suggesting Use Cases to reinforce the
need for Security in the Cloud (http://su.pr/8SROha).

Here is an example of a customer-level use case that highlights
security that should resonate with many people:

Use Case:
Rapidly Scaling an Insurance Application using a Public Cloud

Description:
An insurance company’s new insurance policy claims application has
proven to be valuable in capturing customer and property damage data.

A hurricane is predicted to hit the gulf coast region of the United
States and the IT Staff wishes to elastically scale out the new
application to accommodate the additional customers and field agents
that may need it in the aftermath. The company's IT Staff selects a
Public Cloud Provider that uses open security standards to fulfill
their short-term compute needs and host additional images of their
insurance policy claims application.

View:
Customer, IT Staff

Security Patterns Featured:
- Federated Trust (certificate/key exchange b/w enterprise, cloud
provider)
- Federated Access Control (security policy applied at cloud provider)
- Federated Configuration Management (application configuration,
metadata and access policy applied at cloud provider)

Security Areas Impacted:
- Key/Cert. Mgmt. (trust, key exchange, key/cert store)
- Identity Management, Entitlement, Access Control
- Configuration Mgmt. (image configuration, app. policy)
- Storage Security (application image, metadata)

Underlying Standards:
- x509 Certificates (Trust, key exchange)
- SAML 2.0 (admin identity and entitlements)
- OVF Application Images & Metadata
- SPML (service provisioning)

One could carry the example of having an agent of the insurance
company then use Federated SSO (authenticating thru an external
Identity Provider) to establish credentials that can use Federated
Identity to access the application being hosted at the new public
cloud provider. We could break down the scenario into the steps needed
to fulfill the scenario and feature each security pattern, management/
infrastructure control that is needed from the security framework.

What other parts to a use case template do we need for security-based
use cases?

Do we need to clarify internal/external considerations (provider vs.
customer)? Do we need a new taxonomy for these use cases?

Consolidate your responses in the Cloud Computing Use Cases White
Paper (http://su.pr/8SROha ). We look forward to your comments and
also your documenting a Use Case which reflects your requirements for
Security in the Cloud.