As an operator of a private cloud solution, what can I do to ensure that only legitimate users are using the private cloud resources?

Security Functionality

Part of the answer to the question above is addressed in the On-demand Self-Service section earlier in this paper. That section discussed the importance of authentication, authorization, and monitoring around the self-service portal in a private cloud.

However, in a private cloud environment, part of the responsibility for authorizing access to private cloud resources may lie with the client business units, who may define their own procedures for authorizing the purchase of private cloud resources. It is possible that those procedures could be bypassed or ineffectively applied, enabling an individual within the organization or even an external entity to acquire cloud resources, with these resources paid for by a client business unit. By providing detailed and up-to-date billing information to client business units, you can encourage them to identify any such misuse of cloud resources.

This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set. The Solution for Private Cloud is a community collaboration project.

Any attempt to attack the measuring and billing systems may indicate an attempt to hide the use of private cloud resources by an individual or external entity.

The financial billing information that the system generates must itself be protected to a similar level as salary details. Hence, your implementation must address how to apply suitable security to this information and consider any legal or compliance factors that may apply.

Infrastructure, Platform, and Software Security

You must ensure that all monitoring and logging that relates to measurement of resource usage is complete and accurate to enable you to bill client business units. The collected data must enable you to provide client business units with enough information to understand what resources they are using. This will encourage them to identify any misuse of cloud resources, and to return unused resources to the pool.

Management Security

All access to resource measurement and billing systems must be subject to role-based access controls and fully logged. Any attempt to attack these systems may be part of an attempt to hide unauthorized use of cloud resources by individuals within the enterprise or by external entities.

The way that resource usage is measured and recorded should be transparent and auditable.


