Actors: cloud-subscriber, cloud-provider
Goals: Conduct ongoing automated monitoring of the cloud-provider infrastructure to demonstrate compliance with cloud-subscriber security policies and auditing requirements.
Assumption: The cloud-subscriber has well defined policies and auditing requirements for its IT infrastructure. Security Content Automation Protocol (SCAP) validated security tools are deployed within the infrastructure to perform monitoring and compliance reporting. The cloud-subscriber policies and auditing requirements are expressed in a standard format suitable for automatic processing. The Cloud-subscriber may require cloud-providers to demonstrate compliance to multiple policies (e.g., HIPAA, PCI, SAS70). The degree of monitoring incumbent upon the cloud-provider may vary based on the cloud computing service model in use and the SLA.
Success Scenario 1 (Express Policy and Check Mechanisms, IaaS): Cloud-subscriber attempts to convey security monitoring requirements to the cloud-provider using standard formats (e.g., SCAP). These requirements are expressed as machine-readable policy documents that describe the required configuration settings, vulnerability and malware detection components, and system patch state. The cloud-provider acknowledges successful receipt of the policy content.
Failure Conditions 1: TBD
Failure Handling 1: TBD
Success Scenario 2 (Assess Cloud Environment, IaaS): Cloud-provider continuously monitors cloud components under their purview and demonstrates compliance to the designated policy through the presentation of standardized assessment results to the cloud-subscriber. If the cloud-provider fails to deliver evidence of compliance within the timeout period, the cloud-subscriber may consider an alternate provider or attempt to resubmit the request. Allocation of workload to a cloud-provider is contingent upon the ability of the provider to satisfy the cloud-subscriber security requirements on an ongoing basis. The failure of a cloud-provider to maintain compliance may trigger the migration of the workload to an alternate provider.
Failure Conditions 2: The requested action or process performed at one or more of the N cloud-providers fails, is non-responsive, or returns incorrect or incomplete results to the cloud-subscriber.
Failure Handling 2: Cloud-subscriber can reinitiate the requested action, attempt to mediate discrepancy with the cloud-provider, or consider performing the action with an alternative cloud-provider.