Cloud Security Frame

Hot Spot: Description

Auditing and Logging: Auditing and logging refers to how security-related events are recorded, monitored, and audited.

Authentication: Authentication in the cloud involves deciding which approach to use: leveraging an existing user store, or using an external user store (an identity provider) such as LiveID or OpenID.

Authorization: Authorization in the cloud means architecting your application to use existing role or membership stores, or adopting a federated model based on claims.

Communication: Communication encompasses how data is transmitted over the wire, including the choice between transport-level security (securing the channel, for example with TLS) and message-level encryption (protecting the payload itself so that it stays protected across intermediaries).

Data Access: Data access covers how an application handles data, including securing data stores and protecting data-provider connection information such as connection strings and credentials.

Deployment Considerations: Deployment security addresses securing your application or code when deploying it to the cloud. The concern here is protecting confidential information and intellectual property (IP) contained in the deployment package.

Exception Management: Exception management refers to how you handle exceptions within your application, including fault contracts.

Hosting: Hosting addresses concerns around the life of your application while it executes in the cloud environment.

Sensitive Data: Sensitive data covers the integrity and confidentiality of the user and application data you need to protect, including how you protect it from being stolen from memory, from configuration files, or while it is transmitted over the network.

Session Management: A session is a series of related interactions between a client and your service; session management covers how that session state is tracked and protected.

Validation: Message validation refers to how you verify the message payload against a schema, as well as its size, content, and character set. This includes how your service filters, scrubs, and rejects input and output before further processing. Input includes messages from clients consuming the service, file-system input, and input from network resources such as databases. Output includes the return values of your service and disk or database writes, among others.
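The Validation hot spot lists size, character set, schema and content checks applied before a message is processed. The following Python validator is an added example, not code from the original page, showing the input side of those checks on a JSON message: it bounds the size before decoding, enforces strict UTF-8 and rejects control characters, parses the structure, then applies an allow-list schema with type, length, pattern and range checks. The schema, limits, field names and sample messages are assumptions constructed for illustration.

```python
import json
import re

# Added example: a message validator for the checks the Validation hot spot
# lists (size, character set, schema, content). Schema, limits and sample
# messages below are constructed for this example, not taken from the page.

MAX_MESSAGE_BYTES = 1024            # reject before decoding anything larger

# Allow-list schema: field name -> (python type, max length or None, pattern or None).
# Fields not listed here are rejected.
SCHEMA = {
    "user_id": (str, 36, re.compile(r"[0-9a-f-]{36}")),
    "action":  (str, 16, re.compile(r"read|write|delete")),
    "amount":  (int, None, None),
}
REQUIRED = ("user_id", "action")

# ASCII control characters other than tab, LF and CR have no place in a payload.
CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def validate_message(raw: bytes):
    """Return (ok, errors, parsed). Checks run cheapest-first so an oversized
    or malformed message is rejected before any parsing work is done."""
    errors = []

    # 1. Size: bound the work before decoding or parsing.
    if len(raw) > MAX_MESSAGE_BYTES:
        return False, [f"message exceeds {MAX_MESSAGE_BYTES} bytes"], None

    # 2. Character set: strict UTF-8, no stray control characters.
    try:
        text = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return False, [f"invalid UTF-8 at byte {exc.start}"], None
    if CONTROL_CHARS.search(text):
        return False, ["control character in payload"], None

    # 3. Structure: must parse as a JSON object.
    try:
        msg = json.loads(text)
    except json.JSONDecodeError as exc:
        return False, [f"malformed JSON: {exc.msg}"], None
    if not isinstance(msg, dict):
        return False, ["payload is not a JSON object"], None

    # 4. Schema: required fields present, no unknown fields (allow-list).
    for name in REQUIRED:
        if name not in msg:
            errors.append(f"missing required field '{name}'")
    for name in msg:
        if name not in SCHEMA:
            errors.append(f"unexpected field '{name}'")

    # 5. Content: type, length, pattern and range for each known field.
    for name, (ftype, max_len, pattern) in SCHEMA.items():
        if name not in msg:
            continue
        value = msg[name]
        # bool is a subclass of int in Python; do not let true pass as an amount.
        if not isinstance(value, ftype) or isinstance(value, bool):
            errors.append(f"field '{name}' has wrong type")
            continue
        if max_len is not None and len(value) > max_len:
            errors.append(f"field '{name}' longer than {max_len}")
        # fullmatch rather than match/$ so a trailing newline cannot slip through.
        if pattern is not None and not pattern.fullmatch(value):
            errors.append(f"field '{name}' does not match allowed pattern")
        if name == "amount" and not (0 <= value <= 1_000_000):
            errors.append("field 'amount' out of range")

    return (not errors), errors, (msg if not errors else None)


# Constructed sample messages (not from the original page).
UID = b"123e4567-e89b-12d3-a456-426614174000"
SAMPLES = {
    "good":      b'{"user_id": "' + UID + b'", "action": "read", "amount": 5}',
    "too_big":   b'{"user_id": "' + b"a" * 2000 + b'"}',
    "bad_utf8":  b'{"user_id": "\xff\xfe"}',
    "control":   b'{"user_id": "abc\x00def", "action": "read"}',
    "injection": b'{"user_id": "' + UID + b'", "action": "read; DROP TABLE x"}',
    "extra":     b'{"user_id": "' + UID + b'", "action": "read", "role": "admin"}',
    "bool_amt":  b'{"user_id": "' + UID + b'", "action": "read", "amount": true}',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        ok, errs, _ = validate_message(raw)
        print(f"{label:10} {'ACCEPT' if ok else 'REJECT'} {errs}")
```

Only the "good" sample is accepted; each of the others is rejected by the earliest check that catches it, and a message that fails schema or content checks reports every violation rather than just the first, which is what you want in logs when tuning the rules.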

Last edited Aug 18, 2009 at 2:09 AM by paulenfield, version 1

