Second Draft of V3 of Cloud Computing Use Cases paper - Security in the Cloud

Skip to first unread message


Jan 24, 2010, 8:33:15 PM1/24/10
to A6 (Audit, Assertion, Assessment, and Assurance API) Working Group
We are working towards completing V3 of the Cloud Computing Use Cases
White Paper on or about Jan. 31st at
. In order to ensure we have all your comments, take a look at the
second draft and I ask that you post to ( ) on
the Cloud Computing Use Cases Google Group.


The second draft of Version 3 is now in the Files section at
. Based on feedback from the first version, I've tried to tighten up
the text, particularly the definitions of the security controls and
security federation patterns.

Upon further review, it seemed like every box in the two tables in the
first draft needed to be checked. I replaced those tables with two new
ones: One cross-references the use cases with the security controls,
while the other cross-references the use cases with the security
federation patterns. This is similar to what we have at the end of
Chapter 3 in the original paper.

I'm very happy with the way this is shaping up, and I'm looking
forward to hearing your comments.

Cheers, Doug

p.s. Once again, nothing has changed in the rest of the paper, so I'm
posting just the Security sections.


The Draft of the Security section can be found at (
) and begins as follows:

6 Security Scenarios

Security, in the cloud or elsewhere, is a crucial topic that could
fill any number of pages. Our purpose here is to highlight the
security issues that architects and developers should consider as they
move to the cloud.

An important point to keep in mind is that the cloud does not
introduce any new security threats or issues. To put security in
perspective, cloud computing as a whole can be considered the ideal
use case to highlight the need for a consistent, transparent,
standards-based security framework regardless of cloud deployment
model. As companies move or build solutions in the cloud, having this
consistent security model is vital to simplify development and to
avoid vendor lock-in and preserve their IT investments.

Reply all
Reply to author
0 new messages