Security Authorization: An Approach for Community Cloud Computing Environments
White paper explores some of the challenges encountered when attempting to perform traditional security authorization or certification and authentication processes for cloud computing environments (CCEs).
Booz Allen Hamilton has authored a white paper that discusses the concepts of cloud computing and security authorization, and also explores some of the challenges encountered when attempting to perform traditional security authorization or certification and authentication processes for cloud computing environments (CCEs).
Cloud computing enables network access to a shared pool of computing resources, such as servers, applications, and networks, which can be rapidly provisioned and released with minimal service provider interaction. Security authorization assesses the security of a system or application by identifying risks and determining which have been mitigated to the extent that the cost to exploit them is greater than the expected gain. When risks cannot be sufficiently mitigated, security authorization can document the residual risks.
Called “Security Authorization: An Approach for Community Cloud Computing Environments,” the white paper outlines a new approach for performing security authorization of CCE services, which is tailored to the CCE and complies with National Institute of Standards and Technology (NIST) guidance.
Ideally, security authorization for CCE services would complement the flexible design and rapid deployment features of the services. To achieve this goal, the paper recommends addressing four considerations, including establishing a standard system configuration that can be authorized by type and managing the potentially large and dynamic number of subsystems within a CCE.
The Booz Allen paper concludes with an overview of the six activities that should be implemented to accomplish security authorization in a community CCE and also maintain the CCE’s rapid elasticity and other characteristics.
The assessment and authorization approach presented in “Security Authorization” can be adapted to any private, public, or hybrid deployment model, but the white paper is targeted to civil agencies that use community cloud deployment.
Booz Allen Associates Perry Bryden, Daniel C. Kirkpatrick, and Farideh Moghadami contributed to this white paper.
White paper posted November 23, 2009.

