Twoja przeglądarka nie obsługuje JavaScript.
Nie uzyskasz więc dostępu do niektórych jej funkcjonalności.
Aby w pełni cieszyć się używaniem strony Intratel
włącz obsługę JavaScript w swojej przeglądarce.

The basics of cloud security

One of Gartner’s analysts – Jay Heiser said, that we are at the beginning of a fascinating cloud computing road, leading to many new capabilities and savings for companies, but which is also difficult to follow from the security point of view.


Outsourcing providers in the USA are obliged to have security certificates, but as Heiser remarks these are not sufficient faced with the new technologies of cloud computing. Wishing to put shape around cloud security issues, cloud organizations released cloud strategic and tactical pain points summary with advisory how to address them. The list was divided into two categories:  


1. Governance  

Governance and environment resources management, legal and electronic discovery, compliance and audit, management of information lifecycle, portability and interoperability.


2. Operations  

Traditional security, business continuity and disaster recovery, data centers operations, incident response, notification and remediation, application security, encryption and key management, identity and access management, virtualization.  

Also a summary of top threats related to cloud computing and guidance for remediation was created. A set of tools categories helpful in addressing the threats includes XML, SOA and application security, encryption tools for data at transit and at rest, smart key management, log, identity and access management, virtual firewalls and other tools for managing virtualization, data-loss prevention and more.  

Securing new technologies resources needs transferring company’s current security infrastructure into its cloud version. For example, malware scanning tools will have to look especially for attempts malware at virtual platform, identity managing system will need to authenticate not just the user, but also computers and applications, and security information management systems will have to process billions of events and analytics.   

Gartner have even prepared a list of questions customers should ask potential vendors regarding security and privacy, compliance and other legal – contractual issues (Cloud security by CA and Gartner and Cloud computing security). 

Cloud experts emphasize that security levels are different depending on cloud computing model. Security requirements are the same, but moving from SaaS to PaaS and IaaS the user’s control over security is changing. From the logical point of view nothing changes, but how it is physically being done changes a lot. 



In case of SaaS applications provided by vendors run on a cloud infrastructure and are accessible through a web browser. Consumer does not manage or control the net, servers, operation systems, storage or even individual applications capabilities. This is why the SaaS model offers most functionalities, with least extensibility from customer and almost entire responsibility for security is on the vendor’s side.      



With PaaS clients create applications using programming languages and tolls supported by vendors, and then implement them into cloud infrastructure. As in SaaS, customers do not manage or control the infrastructure (network, servers, operating systems or storage) but do have control over deployed applications and usually over configuration of hosted environment applications.   

There are fewer customer ready or built in security features in PaaS then in SaaS, and the ones that exist are less complex but offer more flexibility in the additional securities layer. This requires applications additional security as well as security around API management, such as authentication, authorization and control.  



In IaaS customers get processes, data storage, networks and other indispensible computing resources as well as they deploy and run operating systems and applications. While users do not manage or control underlying cloud infrastructure, they do have control over operating systems, storage and deployed applications and some level of control of select networking components such as host firewalls. IaaS also offers a few possibilities of integrated securities beyond securing the infrastructure itself.      


Based on: Brandel M., Cloud security: The basics,, 2010.06.15