A Solution for Private Cloud Security

A Solution for Private Cloud Security

Welcome to the "A Solution for Private Cloud Security" series of three papers on private cloud security. With increasing numbers of organizations looking to create imagecloud-based environments or to implement cloud technologies within their existing data centers, business and technology decision-makers are looking closely at the possibilities and practicalities that these changes involve.



Evidence of this growth of interest in the cloud is shown by organizations such as Gartner, who in their 2011 poll of Chief Information Officers identified cloud computing as the top technology priority


Note:

This document is part of a collection of documents that comprise the
Reference Architecture for Private Cloud document set. The Solution for Private Cloud is a community collaboration project. Please feel free to edit this document to improve its quality. If you would like to be recognized for your work on improving this document, please include your name and any contact information you wish to share at the bottom of this page 


Although the increase in business agility coupled with greater flexibility of service provisioning are convincing arguments in favor of moving to the private and hybrid cloud models, significant deployment blockers remain. The Gartner 2012 Planning Guide on Security and Risk Management identified security as the top issue for cloud adoption. Consequently, progress towards implementing private cloud technologies will not advance without organizations and IT departments showing how they can effectively address these concerns.

Microsoft is investing heavily on developing innovative technologies that enable organizations to design and create robust and comprehensive private and hybrid cloud environments. This guidance considers the security aspects of these designs and consists of the following three papers:

Blueprint for A Solution for Private Cloud Security



Design Guide for A Solution for Private Cloud Security



Operations Guide for A Solution for Private Cloud Security

Together, these three documents provide a comprehensive explanation of the process for designing and running security for such a private cloud environment. These documents all use the Microsoft Private Cloud Reference Model as the framework for the security discussion.



Download all three documents in the A Solution for Private Cloud Security document set in Word format.



Figure 1 provides a graphical representation of the documents that comprise the "A Solution for Private Cloud Security" document set. You can download this document map in Visio .vsd format, which contains clickable links to each document.





Figure 1 - Content Map for "A Solution for Private Cloud Security"


 

Complete Table of Contents for “A Solution for Private Cloud Security”

A Solution for Private Cloud Security

Blueprint for a A Solution for Private Cloud Security

Defining the Private Cloud Security Domain

Cloud Security Challenges

Private Cloud Reference Model – Security Perspective

Private Cloud Security Model

Design Guide for A Solution for Private Cloud Security

Private Cloud Security Design Principles

Private Cloud Security Design Challenges

Operations Guide for A Solution for Private Cloud Security

Private Cloud Security Operations Principles

Private Cloud Security Operations Challenges


Series Aim

The aim of the Solution for Private Cloud Security documents is to provide you with an architectural view for understanding, designing and operating effective security within a private cloud environment.

Audience

This series targets a range of potential audiences, all of whom fall within the National Institute of Standards and Technology (NIST) definition of a cloud provider. These audiences can include the following cloud roles:

  • Decider
  • Designer
  • Implementer
  • Operator

We hope you find this series useful and informative. To provide review comments and feedback, please write to Tom Shinder at tomsh@microsoft.com.



CONTRIBUTORS AND REVIEWERS

We would like to give a heartfelt thanks to the following contributors and reviewers for this beta (v0.95) version of the "A Solution for Private Cloud Security" document set. Without their comprehensive and detailed writing and reviews, this work could not have been possible.



Anthony Stevens, Content Master (author)

Dominic Betts, Content Master (author)

Thomas W Shinder, M.D., Microsoft Corporation (reviewer and project manager)

Yuri Diogenes, Microsoft Corporation (reviewer)

Fernando Cima, Microsoft Corporation (reviewer)

Frank Koch, Microsoft Corporation (reviewer)

Scott Culp, Microsoft Corporation (reviewer)

Allen Brokken, Microsoft Corporation (reviewer)

The Private Cloud Security v-team, Microsoft Corporation (reviewer)

RESOURCES:



ACKNOWLEDGEMENTS LIST:

If you edit this page and would like acknowledgement of your participation in the v1 version of this document set, please include your name below:

[Enter your name here and include any contact information you would like to share]



Return to Reference Architecture for Private Cloud



Move forward to Blueprint for Private Cloud Security

  

   

 



Sort by: Published Date | Most Recent | Most Useful
Comments
  • As an employee of a Government Contractor that must comply with Agency Requirements from DOD, DCAA, Each Branch of the Military, as well as legislation such as ITAR (plus the SEC - SOX) I have been researching  to find out if Microsoft's Private Cloud Will comply with all of the contradictory rules and regulations of the FAR (www.acquisition.gov/.../index.html) which is often contradictory and absurd.  Does anyone have a short answer or a place that refers to government contractors specifically?  I have only been able to locate data relating to Government Usage of Private Cloud Technology and not information specific to contractors which obviously have the burden of having to comply with all of the above agency's without any assistance from them because they decided not to help about five years ago.  It is obvious that this is the future however from what I have been able to decipher it seems like the only way to actually be in compliance would be to set up multiple private clouds that would make the entire accounting process very segregated and make the implimentation of an accurate business intelligence system highly difficult?  Any information would really help me from starting a woodworking refinishing business.

  • May I have a downloading for this file , and transfer it to my mobile phone for reading in my free times .........I need a downloading link ..........

  • Good Article.

  • Nice work. It helped me a lot, really. Especially in overcoming cloud security challenges

  • We've got an overview ,is there any security standard or certification authority there ?

  • We've got an overview ,is there any security standard or certification authority there ?

  • Great Article!

  • Very informative security models, Thom. Thanks! Great work.

  • GOOD ARTICLE!!!