Secure cloud data center design begins with a logical design, from which the physical design follows. ISO/IEC 19441:2017 addresses two key concerns about the data held in a data center: portability and interoperability. The basic environmental protection concerns within a data center are expanding to include concerns outside the data center as well.
Logical Design
The logical design of the cloud infrastructure should include measures to:
- limit remote access,
- monitor the cloud infrastructure,
- create substantive tenant partitioning or isolation, and
- allow for the patching and updating of systems in the cloud environment.
Logical designs are often described using terms from the customer’s business vocabulary. Locations, processes, workflows, and roles from the business domain can be included in a logical design.
An important aspect of a logical network design is that it is part of the requirements set for a solution to a customer problem and should precede physical design.
Functional Security Requirements
During due diligence for service aggregation, it is imperative to consider capabilities that support portability and interoperability. Once business requirements have been determined, thorough research of cloud service providers may reveal that two or more providers are needed. Proprietary nomenclature, methods, and technologies adopted by the chosen provider can obstruct the stated business requirements when the consuming organization must link multiple services together.
ISO/IEC 19441:2017: Information technology — Cloud computing — Interoperability and portability focuses on cloud service agreements related to interoperability and portability between cloud services. Interoperability also extends to the relationship between cloud and non-cloud services.
The goal of interoperability is to provide seamless service consumption and management between standalone services and cloud service providers.
The goal of portability is to enable cloud service customers to move their data or applications between standalone services and cloud service providers.
The five facets of cloud interoperability are:
- Policy – Ability of two or more systems to interoperate while complying with governmental laws, regulations, and organizational mandates
- Behavioral – The results of using the exchanged information match the expected outcome
- Transport – Common communication mechanisms between cloud consumer and provider, and between providers (e.g., HTTP/S and various message queuing standards)
- Syntactic – Ability of two or more systems to understand each other's structure of exchanged information through encoding syntaxes (e.g., JSON and XML)
- Semantic data – Ability of systems exchanging information to understand the meaning of the data model within the context (e.g., virtual machines, containers, storage, and networking concepts)
The three facets of cloud data portability are:
- Syntactic – Transferring data from a source system to a target system using formats that can be decoded on the target system, such as XML or Open Virtualization Format (OVF)
- Semantic – Transferring data from a source system to a target system so that the data model is understood by the target within the context of the subject area
- Policy – Transferring data from a source system to a target system so that governmental laws, regulations, and organizational mandates are followed
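The three portability facets above become concrete when a workload description is moved between providers. The following is an added example, not code from the article or from ISO/IEC 19441; the provider names ("ProviderA", "ProviderB"), their field vocabularies, the canonical model, and the region-by-classification policy table are all constructed for illustration. It separates the syntactic step (decoding JSON and XML), the semantic step (mapping each provider's vocabulary onto one data model and rejecting unmapped fields), and the policy step (checking the target placement against an organizational mandate) so that a failure in one facet is reported as such.

```python
"""Added example: syntactic, semantic and policy checks for moving a
workload description between two hypothetical cloud providers.
All names, fields and the policy table are constructed for this example."""
import json
import xml.etree.ElementTree as ET

# Constructed export of a workload from hypothetical "ProviderA", encoded as JSON.
PROVIDER_A_EXPORT = json.dumps({
    "vmName": "billing-db-01",
    "vcpu": 4,
    "memMiB": 8192,
    "region": "eu-west",
    "dataClass": "restricted",
})

# Constructed export of the same workload from hypothetical "ProviderB", encoded as XML.
PROVIDER_B_EXPORT = """<instance>
  <name>billing-db-01</name>
  <cpu_count>4</cpu_count>
  <memory_mb>8192</memory_mb>
  <location>eu-west</location>
  <classification>restricted</classification>
</instance>"""

# Semantic facet: each provider's vocabulary mapped onto one canonical model (constructed).
FIELD_MAPS = {
    "ProviderA": {"vmName": "name", "vcpu": "vcpus", "memMiB": "memory_mib",
                  "region": "region", "dataClass": "classification"},
    "ProviderB": {"name": "name", "cpu_count": "vcpus", "memory_mb": "memory_mib",
                  "location": "region", "classification": "classification"},
}
CANONICAL_FIELDS = {"name", "vcpus", "memory_mib", "region", "classification"}

# Policy facet: constructed organizational mandate restricting where each data
# classification may be placed. None means no regional restriction.
ALLOWED_REGIONS_BY_CLASS = {
    "restricted": {"eu-west", "eu-central"},
    "internal": {"eu-west", "eu-central", "us-east"},
    "public": None,
}


def decode(provider, blob):
    """Syntactic facet: turn the provider's encoding into a plain dict of strings/values."""
    if provider == "ProviderA":
        return json.loads(blob)
    if provider == "ProviderB":
        root = ET.fromstring(blob)
        return {child.tag: child.text for child in root}
    raise ValueError(f"unknown provider {provider!r}")


def to_canonical(provider, raw):
    """Semantic facet: rename fields into the canonical model and normalise types.

    Unmapped source fields and missing canonical fields are errors: the data
    was decoded, but its meaning cannot be established on the target side.
    """
    fmap = FIELD_MAPS[provider]
    unknown = set(raw) - set(fmap)
    if unknown:
        raise ValueError(f"{provider}: no semantic mapping for {sorted(unknown)}")
    model = {fmap[key]: value for key, value in raw.items()}
    missing = CANONICAL_FIELDS - set(model)
    if missing:
        raise ValueError(f"{provider}: export lacks {sorted(missing)}")
    model["vcpus"] = int(model["vcpus"])
    model["memory_mib"] = int(model["memory_mib"])
    return model


def policy_violations(model, target_region):
    """Policy facet: list mandate violations for placing this model in target_region."""
    classification = model["classification"]
    if classification not in ALLOWED_REGIONS_BY_CLASS:
        return [f"unknown data classification {classification!r}"]
    allowed = ALLOWED_REGIONS_BY_CLASS[classification]
    if allowed is not None and target_region not in allowed:
        return [f"{classification} data may not be placed in {target_region}"]
    return []


def plan_migration(src_provider, src_blob, target_region):
    """Run all three facets in order; return (canonical_model, policy_violations)."""
    model = to_canonical(src_provider, decode(src_provider, src_blob))
    return model, policy_violations(model, target_region)


if __name__ == "__main__":
    for region in ("eu-central", "us-east"):
        model, problems = plan_migration("ProviderA", PROVIDER_A_EXPORT, region)
        print(region, "->", problems or "ok", model)
```

Run as a script, the example reports the move to eu-central as acceptable and the move to us-east as a policy violation, even though both exports decode and map identically; this is the distinction the three facets draw between being able to read the data, understanding it, and being allowed to place it.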
Related article – Secure Cloud Data Center Design – Part 2