Security Use Case example for an Insurance scenario


Drussell4881

Dec 11, 2009, 8:39:47 AM
to SNIA Cloud
We have been talking about what is required for security in the cloud
in the Cloud Computing Use Cases White Paper
(http://groups.google.com/group/cloud-computing-use-cases) discussion
group. It is now time to start suggesting Use Cases to reinforce the
need for Security in the Cloud (http://su.pr/8SROha).

Here is an example of a customer-level use case that highlights
security that should resonate with many people:

Use Case:
Rapidly Scaling an Insurance Application using a Public Cloud

Description:
An insurance company’s new insurance policy claims application has
proven to be valuable in capturing customer and property damage data.

A hurricane is predicted to hit the gulf coast region of the United
States and the IT Staff wishes to elastically scale out the new
application to accommodate the additional customers and field agents
that may need it in the aftermath. The company's IT Staff selects a
Public Cloud Provider that uses open security standards to fulfill
their short-term compute needs and host additional images of their
insurance policy claims application.

View:
Customer, IT Staff

Security Patterns Featured:
- Federated Trust (certificate/key exchange b/w enterprise, cloud
provider)
- Federated Access Control (security policy applied at cloud provider)
- Federated Configuration Management (application configuration,
metadata and access policy applied at cloud provider)

Security Areas Impacted:
- Key/Cert. Mgmt. (trust, key exchange, key/cert store)
- Identity Management, Entitlement, Access Control
- Configuration Mgmt. (image configuration, app. policy)
- Storage Security (application image, metadata)

Underlying Standards:
- x509 Certificates (Trust, key exchange)
- SAML 2.0 (admin identity and entitlements)
- OVF Application Images & Metadata
- SPML (service provisioning)

One could carry the example of having an agent of the insurance
company then use Federated SSO (authenticating thru an external
Identity Provider) to establish credentials that can use Federated
Identity to access the application being hosted at the new public
cloud provider. We could break down the scenario into the steps needed
to fulfill the scenario and feature each security pattern, management/
infrastructure control that is needed from the security framework.

What other parts to a use case template do we need for security-based
use cases?

Do we need to clarify internal/external considerations (provider vs.
customer)? Do we need a new taxonomy for these use cases?

Consolidate your responses in the Cloud Computing Use Cases White
Paper (http://su.pr/8SROha ). We look forward to your comments and
also your documenting a Use Case which reflects your requirements for
Security in the Cloud.

Mark A. Carlson

Dec 11, 2009, 9:37:49 AM
to snia-...@googlegroups.com
You might want to include in your use cases: how the data gets into
the cloud securely. For large data sets, the answer may be different
than for small data sets.

-- mark

--
Mark A. Carlson
Sr. Architect

Systems Group
Phone x69559 / 303-223-6139
Email Mark.C...@Sun.COM
