ETSI SR 003 391 V2.1.1 (2016-02)

SPECIAL REPORT
Cloud Standards Coordination Phase 2;
Interoperability and Security in Cloud Computing

2 ETSI SR 003 391 V2.1.1 (2016-02)

Reference
DSR/NTECH-00032
Keywords
Cloud computing, interoperability, security

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the
print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2016.
All rights reserved.
TM TM TM
DECT , PLUGTESTS , UMTS and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members.
TM
3GPP and LTE™ are Trade Marks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.
ETSI
3 ETSI SR 003 391 V2.1.1 (2016-02)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
Introduction . 4
1 Scope . 5
2 References . 5
2.1 Normative references . 5
2.2 Informative references . 5
3 Definitions and abbreviations . 8
3.1 Definitions . 8
3.2 Abbreviations . 9
4 Interoperability and Security in Cloud Computing . 10
4.1 Context . 10
4.2 Objectives . 11
4.3 Content of the present document . 11
5 High-level user scenarios for interoperability and security . 11
5.1 Introduction . 11
5.2 Scenario 1: Moving data from and between Cloud Service Providers . 12
5.3 Scenario 2: Retrieving Customer data in case of Service Provider failure . 15
5.4 Scenario 3: Using on-premises identity and access management in the Cloud . 16
5.5 Scenario 4: Ensuring security in Hybrid Cloud environments . 18
5.6 Scenario 5: Ensuring portability and interoperability when migrating from a PaaS Cloud Service
Provider to another . 20
5.7 Scenario 6: The Cloud as an hybrid innovation platform . 22
5.8 Scenario 7: Conformance of Cloud Service Providers to Data Protection Regulation . 23
5.9 Scenario 8: Cloud SLA in brokered, multi CSP use cases . 25
6 Core concepts . 26
6.1 Introduction . 26
6.2 Interoperability . 26
6.3 Portability . 27
6.4 Security . 27
6.4.1 Introduction. 27
6.4.2 Information security . 28
6.4.3 Privacy . 31
6.4.4 Other concerns . 31
6.4.5 Conclusions on Security aspects . 32
6.5 Cloud Service Level Agreement (Cloud SLA) . 32
6.6 Relationship between core concepts . 33
7 Standards, certifications and frameworks for Interoperability and Security . 33
7.1 Introduction . 33
7.2 Interoperability and Portability. 34
7.3 Information security . 34
7.4 Privacy . 35
7.5 SLA . 35
7.6 Certification . 36
7.7 Other relevant standards, frameworks and legislation . 36
8 Conclusions and recommendations . 37
9 Areas for further study . 38
Annex A: Change History . 39
History . 40
ETSI
4 ETSI SR 003 391 V2.1.1 (2016-02)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server)
which are, or may be, or may become, essential to the present document.
Foreword
This Special Report (SR) has been produced by ETSI Technical Committee Network Technologies (NTECH).
The present document is approved by the NTECH Technical Committee and for publication on the Cloud Standards
Coordination website (http://csc.etsi.org).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
Cloud Computing is increasingly used as the platform for ICT infrastructure provisioning, application/systems
development and end user support of a wide range of core services and applications for businesses and organizations.
Cloud Computing is drastically changing the way IT is delivered and used. However, many challenges remain to be
tackled. Concerns such as security, privacy, vendor lock-in, interoperability, portability, service level agreements more
oriented towards users are examples of issues that need to be addressed.
In February 2015, the Cloud Standards Coordination Phase 2 (CSC-2) was launched by ETSI to address issues left open
after the Cloud Standards Coordination Phase 1 (CSC-1) work was completed at the end of 2013, with a particular focus
on the point of view of the Cloud Computing users (e.g. SMEs, Administrations).
The present document addresses the question of interoperability and security in Cloud Computing. Though the
availability of Cloud Computing standards related to security and their level of maturity were considered as relatively
good during Cloud Standards Coordination Phase 1, some areas of concern were remaining. The present document
addresses, from the user's perspective, the relationship between interoperability and security and how a global approach
to both can increase the level of trust in Cloud Computing.

ETSI
5 ETSI SR 003 391 V2.1.1 (2016-02)

1 Scope
The present document presents the initial results of the analysis of interoperability and security in Cloud Computing.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or non-specific.
For specific references, only the cited version applies. For non-specific references, the latest version of the referenced
document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI Cloud Standards Coordination, Final Report, November 2013.
NOTE: See: http://csc.etsi.org/
[i.2] ETSI SR 003 381: "Cloud Standards Coordination Phase 2; Identification of Cloud user needs".
[i.3] "Cloud Computing Schemes List (CCSL)", ENISA.
NOTE: See: https://resilience.enisa.europa.eu/cloud-computing-certification.
[i.4] "Security, Trust & Assurance Registry (STAR)", Cloud Security Alliance.
NOTE: See: https://cloudsecurityalliance.org/star/.
[i.5] "Start Audit Certification Program", EuroCloud.
[i.6] Regulation (EU) No 1025/2012 of the European Parliament and of the Council, on European
standardization, 25 October 2012.
NOTE: See: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32012R1025.
[i.7] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data.
NOTE: See: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:31995L0046&from=FR.
ETSI
6 ETSI SR 003 391 V2.1.1 (2016-02)
[i.8] European Interoperability Framework (EIF), Towards Interoperability for European Public
Services.
NOTE: See: http://ec.europa.eu/isa/documents/eif_brochure_2011.pdf.
[i.9] ISO/IEC 19941 standard: "Information Technology -- Cloud Computing -- Interoperability and
Portability".
[i.10] Draft ISO/IEC 19041: "Information technology - Cloud computing - Interoperability and
Portability".
[i.11] Draft ISO/IEC 19044: "Information technology - Cloud computing - Data and its flow across
devices and cloud services".
[i.12] ISO/IEC 17203: "Information Technology - Open Virtualization Format Specification".
[i.13] ISO/IEC 17826: "Information Technology - Cloud Data Management Interface (CDMI)".
[i.14] ISO/IEC 19099: "Information Technology - Virtualization Management specification".
[i.15] ISO/IEC 19831: "Cloud Infrastructure Management Interface (CIMI) Model and RESTful
HTTP-based Protocol - An Interface for Managing Cloud Infrastructure".
[i.16] DMTF DSP0243: "Open Virtualization Format Specification".
[i.17] DMTF DSP0263: "Cloud Infrastructure Management Interface - CIMI".
[i.18] OASIS CAMP: "Cloud Application Management for Platforms".
[i.19] OASIS TOSCA: "Topology Orchestration Specification for Cloud Applications".
[i.20] OGF OCCI: "Open Cloud Computing Interface".
[i.21] SNIA CDMI: "Cloud Data Management Interface".
[i.22] ISO/IEC 27000: "Information technology - Security techniques - Information security
management systems - Overview and vocabulary".
[i.23] ISO/IEC 27001: "Information technology - Security techniques - Information security
management systems - Requirements".
[i.24] ISO/IEC 27002: "Information technology - Security techniques - Code of practice for information
security controls".
[i.25] ISO/IEC 27006: "Information technology - Security techniques - Requirements for bodies
providing audit and certification of information security management systems".
[i.26] ISO/IEC 27014: "Information technology - Security techniques - Governance of information
security".
[i.27] ISO/IEC 27031: "Information technology - Security techniques - Guidelines for information and
communication technology readiness for business continuity".
[i.28] ISO/IEC 24760-1: "Information technology - Security techniques - A framework for identity
management - Part 1: Terminology and concepts".
[i.29] ISO/IEC 29115: "Information technology - Security techniques - Entity authentication assurance
framework".
[i.30] OpenID.
[i.31] IETF RFC 6749: "The Oauth 2.0 Authorization Framework".
[i.32] Draft ISO/IEC 27017: "Information technology - Security techniques - Code of practice for
information security controls based on ISO/IEC 27002 for cloud services".
ETSI
7 ETSI SR 003 391 V2.1.1 (2016-02)
[i.33] Recommendation ITU-T X.1601: "Cloud computing security - Security framework for cloud
computing".
[i.34] Draft Recommendation ITU-T X.1631: "Code of practice for information security controls based
on ISO/IEC 27002 for cloud services".
[i.35] Draft ISO/IEC 19086-4: "Information technology - Cloud computing - SLA framework and
terminology - Part 4: Security and Privacy".
[i.36] CSA CCM v3.0.1: " Cloud Control Matrix".
[i.37] CSA CTP: "Cloud Trust Protocol".
[i.38] CSA A6: "Cloud Audit".
[i.39] CSA CAIQ: "Consensus Assessments Initiative Questionnaire".
[i.40] CSA TCI: "Reference Architecture - Trusted Cloud Initiative".
[i.41] Draft NIST SP 500-299: "Cloud computing security reference architecture".
[i.42] NIST SP 800-125: "Guide to security for full virtualization technologies".
[i.43] NIST SP 800-144: "Guidelines on security and privacy in public cloud computing".
[i.44] ISO/IEC 29100: "Information technology - Security techniques - Privacy framework".
[i.45] ISO/IEC 29101: "Information technology - Security techniques - Privacy architecture framework".
[i.46] ISO/IEC 27018: "Information technology - Security techniques - Code of practice for PII
protection in public clouds acting as PII processors".
[i.47] CSA PLA: "Privacy Level Agreement".
[i.48] OGF GFD.192: "Web services agreement specification".
[i.49] Draft OGF GFD.193: "Web services agreement negotiation specification".
[i.50] Draft ISO/IEC 19086-1: "Information technology - Cloud computing - SLA framework and
terminology - Part 1: Overview and concepts".
[i.51] Draft ISO/IEC 19086-2: "Information technology - Cloud computing - SLA framework and
terminology - Part 2: Metrics".
[i.52] Draft ISO/IEC 19086-3: "Information technology - Cloud computing - SLA framework and
terminology - Part 3: Core requirements".
[i.53] Draft NIST SP 500-307: "Cloud Computing Service Metrics Description".
[i.54] TMF GB963: "Cloud SLA application note".
[i.55] AICPA SOC 1: "Report on Controls at a Service Organization Relevant to User Entities' Internal
Control over Financial Reporting".
[i.56] AICPA SOC 2: "Report on Controls at a Service Organization Relevant to Security, Availability,
Processing Integrity, Confidentiality or Privacy".
[i.57] AICPA SOC 3: "Trust Services Report for Service Organizations".
[i.58] Certified Cloud Service -TüV Rheinland.
[i.59] CSA Attestation - OCF Level 2.
[i.60] CSA Certification - OCF Level 2.
[i.61] CSA Self Assessment - OCF Level 1.
[i.62] EuroCloud Self Assessment.
ETSI
8 ETSI SR 003 391 V2.1.1 (2016-02)
[i.63] EuroCloud Star Audit Certification.
[i.64] Payment Card Industry (PCI) Data Security Standard v3.
[i.65] Leet Security Rating Guide.
[i.66] Cloud Industry Forum Code of Practice.
[i.67] FedRAMP.
[i.68] EIF: "European Interoperability Framework".
[i.69] ISACA COBIT: "Control Objectives for Information and related Technology".
[i.70] ISO/IEC 20000-1: "Information Technology - Service management system requirements".
[i.71] ISO 22301: "Societal security - Business Continuity Management Systems - Requirements".
[i.72] ITIL: "Information Technology Infrastructure Library".
[i.73] ISO/IEC 17788: "Information Technology - Cloud computing - Overview and vocabulary".
[i.74] ISO/IEC 17789: "Information Technology - Cloud computing - Reference architecture".
[i.75] Recommendation ITU-T Y.3500: "Information Technology - Cloud computing - Overview and
vocabulary".
[i.76] Recommendation ITU-T Y.3502: "Information Technology - Cloud computing - Reference
architecture".
[i.77] C-SIG: "Code of conduct".
[i.78] ISO/IEC 25010: "Systems and software engineering -- Systems and software Quality
Requirements and Evaluation (SQuaRE) -- System and software quality models".
[i.79] ISO/IEC 13888-1: "Information technology -- Security techniques -- Non-repudiation --
Part 1: General".
[i.80] ISO/IEC 38500: "Information technology -- Governance of IT for the organization".
[i.81] ISO 31000: "Risk management -- Principles and guidelines".
[i.82] ETSI SR 003 392: "Cloud Standards Coordination Phase 2; Cloud Computing Standards Maturity
Assessment; A new snapshot of Cloud Computing Standards".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
cloud service: one or more capabilities offered via cloud computing invoked using a defined interface
NOTE: Source: Recommendation ITU-T Y.3500 [i.75] | ISO/IEC 17788 [i.73], clause 3.2.8.
Cloud Service Customer (CSC): party which is in a business relationship for the purpose of using cloud services
NOTE: Source: Recommendation ITU-T Y.3500 [i.75] | ISO/IEC 17788 [i.73], clause 3.2.11.
Cloud Service Provider (CSP): party which makes cloud services available
NOTE: Source: Recommendation ITU-T Y.3500 | ISO/IEC 17788 [i.73], clause 3.2.15.
ETSI
9 ETSI SR 003 391 V2.1.1 (2016-02)
interoperability: ability of two or more systems or applications to exchange information and to mutually use the
information that has been exchanged
NOTE: Source: Recommendation ITU-T Y.3500 [i.75] | ISO/IEC 17788 :2014 [i.73], clause 3.1.5.
party: natural person or legal person, whether or not incorporated, or a group of either
NOTE: Source: Recommendation ITU-T Y.3500 [i.75] | ISO/IEC 17788 [i.73], clause 3.1.6.
Service Level Agreement (SLA): documented agreement between the service provider and customer that identifies
services and service targets
NOTE: Source: ISO/IEC 20000-1:2011 [i.70], clause 3.29.
Standards Setting Organization (SSO): any entity whose primary activities are developing, coordinating,
promulgating, revising, amending, reissuing, interpreting, or otherwise maintaining specifications and standards that
address the interests of a wide base of users outside the standards development organization
Standards Development Organization (SDO): standards setting organization that has a formal recognition by
international treaties, regulation, etc.
NOTE: The SDOs are a subset of the SSOs.
standard: output from an SDO (see Regulation (EU) No 1025/2012 [i.6])
specification: output from an SSO (see Regulation (EU) No 1025/2012 [i.6]) that may become a standard when ratified
by an SDO
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AICPA American Institute of Certifies Public Accountants
API Application Programming Interface
AUP Acceptable Use Policy
BCP Business Continuity Policy
CAIQ Consensus Assessments Initiative Questionnaire
CCM Cloud Control Matrix
CCSL Cloud Computing Schemes List
CDMI Cloud Data Management Interface
CIMI Cloud Infrastructure Management Interface
COBIT Control Objectives for Information and related Technology
CSA Cloud Security Alliance
CSB Cloud Service Broker
CSC Cloud Service Customer
CSC-1 Cloud Standards Coordination Phase 1
CSC-2 Cloud Standards Coordination Phase 2
C-SIG Cloud Select Industry Group
CSP Cloud Service Provider
CTP Cloud Trust Protocol
DMTF Distributed Management Task Force
EC European Commission
EIF European Interoperability Framework
ENISA European Union Agency for Network and Information Security
EU European Union
GDPR General Data Protection Regulation
HTTPS HyperText Transfer Protocol Secure
IAM Identity and Access Management
ICT Information and Communications Technology
IEC International Electrotechnical Commission
IETF Internet Engineering Task Force
ISO International Organization for Standardization
IT Information Technology
ITIL Information Technology Infrastructure Library
ETSI
10 ETSI SR 003 391 V2.1.1 (2016-02)
ITU International Telecommunication Union
ITU-T ITU Telecommunication Standardization Sector
MSA Master Service Agreement
NIST National Institute of Science and Technology
OASIS Advancing Open Standards for the Information Society
OCCI Open Cloud Computing Interface
OCF Open Certification Framework
OGF Open Grid Forum
PaaS Platform as a Service
PCI Payment Card Industry
PII Personally Identifiable Information
PLA Privacy Level Agreement
QoS Quality of Service
RBAC Role Based Access Control
SAML Security Assertion Markup Language
SDO Standards Development Organization
SIG Special Interest Group
SLA Service Level Agreement
SNIA Storage Networking Industry Association
SOC Service Organization Control (AICPA)
SSO Standards Setting Organization
STAR Security, Trust & Assurance Registry
STF Specialist Task Force
NOTE: An ETSI structure for internal projects.
STS Security Token Service
TCI Trusted Cloud Initiative
TMF TeleManagement Forum
VPN Virtual Private Network
WP Work Package
XML Extensible Markup Language
4 Interoperability and Security in Cloud Computing
4.1 Context
The Cloud Standards Coordination project
Cloud Standards Coordination Phase 1 (CSC-1) took place in 2013 as a community effort supported by ETSI and
primarily addressed the Cloud Computing standards roadmap. In December 2013 the results were publicly presented in
a workshop organized by the European Commission (EC).
The Final Report [i.1] of Cloud Standards Coordination Phase 1 provides a snapshot on the Cloud Computing
standardization landscape at the end of 2013. It is available at:
• See: http://csc.etsi.org/
Cloud Standards Coordination Phase 2
Given the dynamics of the Cloud Computing market and standardization, Cloud Standards Coordination Phase 2 (CSC-
2) was launched in February 2015 with, in particular, the objective of producing an updated version of the standards
maturity assessment (i.e. a "snapshot") of the Cloud Computing standardization landscape. CSC-2 aims to better take
into account the needs of Cloud Computing customers on their Cloud related requirements and priorities. This will help
CSC-2 to further assess the maturity of Cloud Computing standards and evaluate how standards can support the Cloud
Computing customers' priorities.
Interoperability and Security in Cloud Computing
Security was one of the points of attention of Cloud Standards Coordination Phase 1. Though the availability of Cloud
Computing standards related to security and their level of maturity were considered as relatively good, some areas of
concern were remaining.
ETSI
11 ETSI SR 003 391 V2.1.1 (2016-02)
The topic of Security in Cloud Standards Coordination Phase 2 was addressed in several of the questions included in the
CSC-2 web survey report (see [i.2]). Security is consistently ranked as one of the top user concern. The following
remark is made in the report:
"Security" in general is without doubt a major concern for most users, customers and providers alike, in particular in a
Cloud setting, as the resources typically are shared and the data integrity as a consequence needs additional attention
to ensure a retained confidence in regard of the ownership of data aspects. Many users are concerned about "losing the
control of data", in many cases probably justifiably so. Unless Security - all relevant aspects of Security related to
Cloud Computing - is fully addressed and the users are made aware of available options and existing protocols and
standards that can be used to build reliable Cloud Computing offerings, the adoption of Cloud Computing is likely to
continue to grow slowly".
The present document addresses interoperability and security in Cloud Computing. The analysis is based on a number
of high-level user scenarios and a description of core concepts identified as relevant for all user scenarios. The present
document further presents existing standards relevant for the high-level user scenarios and the core concepts identified.
4.2 Objectives
The main objectives are to:
• Identify and present high-level user scenarios that together provide a sufficient base for presentation of role
and importance of and relationship between interoperability and security.
• Identify and present the core concepts covered by the user scenarios.
• Present related existing standards.
• Provide conclusions based on the analysis presented before.
4.3 Content of the present document
Clause 5 of the present document presents some high-level user scenarios in the present document that are included to
illustrate and describe the role and importance of and relationship between the core concepts interoperability and
security in particular.
Clause 6 presents the core concepts referred to in clause 5, namely Interoperability, Portability, Security, and its
sub-areas, and Service Level Agreements.
Clause 7 lists identified existing standards and certification schemes for Interoperability, Portability, Security and
Service Level Agreements.
Clause 8 highlights preliminary conclusions and recommendations from the analysis presented in the present document.
Clause 9 suggests some areas for further work.
5 High-level user scenarios for interoperability and
security
5.1 Introduction
This clause presents some high-level user scenarios that are included in the present document in order to illustrate and
describe the role and importance of the relationship between interoperability and security. Please note that the list of
scenarios obviously is far from exhaustive. It only serves the purpose of highlighting some but certainly not all of the
cases where security and interoperability are important issues in the Cloud Computing space.
ETSI
12 ETSI SR 003 391 V2.1.1 (2016-02)
The purpose of the clause is to place the "core concepts" in context. Core concepts are key "transversal" aspects
(sometimes called "non-functional" or "cross cutting aspects") that need to be coordinated and implemented consistently
in a Cloud Computing system. These core concepts typically have an impact on many areas in a Cloud Computing
system, such as Cloud services, business processes, operational systems, and have to be considered in all engineering
phases of a Cloud Computing system (i.e. from supported use cases, required capabilities and their design,
implementation and deployment). The Core Concepts are further elaborated in clause 6.
NOTE: The purpose of scenarios presented is not to present a comprehensive list of use cases, concepts,
requirements and concerns related to the core concepts listed in the scenarios. The purpose is to illustrate
and disclose how some well-known aspects need to be understood and in most cases addressed through
the provision of standards, solutions and/or certification schemes that target individual areas of the
scenarios.
For the following presentation the same structure is used for describing the scenarios:
• Questions are included to prepare the ground for a more elaborate description of the scenarios, presented as
high-level use cases and followed by a presentation of high-level requirements.
• Based on this the core concepts covered by the scenario and other relevant aspects are identified.
• Finally, conclusions and remarks summarize the scenario.
5.2 Scenario 1: Moving data from and between Cloud Service
Providers
Example of questions to illustrate the scenario:
• "I want to retrieve my data from my Cloud Service Provider".
• "I would like to move from a Cloud Service provider to another - can I move my data?"
Scenario description:
This scenario covers two different use cases:
1) In the first Use Case, the Cloud Service Customer (CSC) wants to retrieve all data that is handled by the Cloud
Service Provider (CSP), physically moving the data from the CSP to the CSC's own systems (either on-site or
to a designated outsourcing partner).
2) In the second Use Case, the CSC wants to move its data residing at a particular CSP from the current CSP to
another CSP.
High- level requirements:
The motive for the data transfer is different in the two Use Cases, but the underlying criteria, needs and requirements
are quite similar. In order to meet the request of the CSC, many individual capabilities of the Cloud service have to exist
and the related obligations and activities should be mutually agreed upon, captured in a Cloud Service Level Agreement
(SLA) or corresponding agreement (contract) set up between the CSC and the CSP. It is also critical to understand the
implications of any legislation or regulation in effect, that is relevant for the data migration. This is particularly
important if the data is to be moved over geographies with different overarching legislation, e.g. from any member
states within the European Union to a country outside the EU.
ETSI
13 ETSI SR 003 391 V2.1.1 (2016-02)
In order to be able to act on the CSC's request, at minimum the following requirements and capabilities most likely have
to be supported:
1) Cloud Service Level Agreement (Cloud SLA):
The contract, typically manifested in a Cloud SLA, between the CSC and the CSP should define the
obligations of the CSP in terms of providing the CSC's data, with definitions of e.g. response time, data
categories and taxonomies covered by the agreement, exchange and removal of audit trail (log) data and more.
A particular important aspect of the Cloud SLA pertinent to this scenario is that it should also define the
obligations of the CSP regarding safe erasure of all data of the CSC after the CSC has moved off its data from
this CSP's infrastructure, including both data belonging to the CSC as well as derived data resulting from using
the CSP's cloud service (such as audit trails etc.). Besides the cost of storing the data, the Cloud SLA should
also stipulate the cost model for moving off the data.
2) Data portability:
A basic prerequisite for this scenario is that the requirements for data portability have been met, between the
CSP and the CSC (use case 1) and between the old CSP and the new CSP (use case 2), respectively. To
facilitate data portability, adequate interoperability need to exist. Interoperability at semantic, syntactical and
technical levels will facilitate an effortless transfer of data. Even if only semantic interoperability exists, data
portability at syntactical level and technical can be achieved using data mapping tools (mapping data from one
syntax to another, e.g. from XML to semi colon delimited text file formats) and transport protocol mapping
tools. However, if the data models defining the data semantic are substantially different, the data transfer will
most likely be difficult and cumbersome to achieve. Aspects of data portability and interoperability are
detailed in the upcoming ISO/IEC 19941 standard [i.9].
3) Data ownership and data definitions:
In order to offer transfer of data, the data itself need, of course, to be defined, stored and generally handled in
such a way that a migration of data can be executed without any significant extra work. In order to achieve
this, semantic, syntactical and technical interoperability have to be ensured and to exist in order to facilitate
data portability. This in turn requires both the CSC and CSP to establish and agree upon on some basic data
classification and taxonomy principles, including (but not restricted to):
- defining data ownership, i.e. defining the data that belongs to the CSC and the CSP, respectively,
- classification of data (e.g. according to criticality),
- defining and enforcing data integrity and security policies.
As pointed out above, in order to define and establish a clear separation between the CSC data and data that
belongs to the CSP, all aspects of ownership of data need to be understood. Concepts such as "derived data"
and "audit trails" (resulting from data operations) are particularly critical in this respect. The responsibilities
pertinent to data management are generally captured in the Cloud SLA, but it falls on both the CSC and the
CSP to ensure that all aspects of secure and controlled data management are in place before the Cloud service
offered by the CSP becomes operational.
4) Data protection:
Ensuring that the data belonging to the CSC is well protected by the CSP that provides the Cloud service used
by the CSC is a fundamental key capability in Cloud Computing. In the relationship between the CSC and the
CSP, the responsibilities and related measures needed to ensure that the CSC's data is secure and protected is
typically described in the Cloud SLA (or other form of contract between the parties involved in the Cloud
service). A particularly important aspect is the potential use of encryption (together with key management) to
further secure and protect the data of the CSC, both during the operation of the cloud service provided by the
CSP as well as during the transfer of data (as defined in the two use cases comprising this scenario). As with
the definition of Data, it is important that the responsibilities and tasks are well defined and understood by all
stakeholders (including the use of any third party vendors providing, e.g. solutions for encryption of data).
The CSP should offer security and privacy enhanced mechanisms for data protection providing capabilities
that allows the CSC to monitor the use and encryption of data owned by the CSC.
Finally, Data protection also involves ensuring that back-up data is well protected, typically as part of as
disaster-recovery or contingency plan.
ETSI
14 ETSI SR 003 391 V2.1.1 (2016-02)
5) Identity and Access Management (IAM)
Identity and Access Management (IAM) is concerned with the following:
- Authorization and security policy management:
This function is further described in clause 9.5.2.2.2 of the Cloud Computing Reference Architecture
standards commonly published as ISO/IEC 17789 [i.74] and Recommendation ITU-T Y.3502 [i.76].
A critical aspect of data exchange in Cloud scenarios is the provision and use of authorization and
security policy management. This aspect covers e.g. who is authorized to access data, how the
authorization should be carried out, integration with and enforcement of the CSC's security policies,
general data management and more. Authorization and security policy management belong to the
security systems related multi-layer functions according to the Cloud Computing Reference Architecture
standard (see Recommendation ITU-T Y.3502 [i.76] | ISO/IEC 17789 [i.74]).
- Authentication and identity management:
This function is further described in clause 9.5.2.2.1 of the Cloud Computing Reference Architecture
standards commonly published as ISO/IEC 17789 [i.74] and Recommendation ITU-T Y.3502 [i.76].
A secondary function of data management is the authentication and identity management functionality
provided by the CSP. This function allows the CSC to securely access the services and related data
provided by the CSP. Authentication and identity management belong to the security systems related
multi-layer functions according to the Cloud Computing Reference Architecture standard (see
Recommendation ITU-T Y.3502 [i.76] | ISO/IEC 17789 [i.74]).
- Access control:
Access control is the collective term for the function that governs and controls the access of users to
Cloud services. "Access control limits users to the use of particular services. Principally, access control
involves the authentication of a user through the presentation and validation of credentials, followed by
the authorization of this authenticated user to use specific services. Associated with this is identity
management" (quote from the Cloud Computing Reference Architecture standard, Recommendation
ITU-T Y.3502 [i.76] | ISO/IEC 17789 [i.74]). Access control in the access layer uses capabilities of the
multi-layer functions manifested as functional components (e.g. those described above in the previous
bullet items). All aspects of access control need to be defined in the Cloud SLA or similar contract that
defines the obligations and responsibilities of the CSP (and the CSC).
6) Certification:
For CSCs, it is necessary to be able to rely on the Certification of CSPs as a step towards selecting only those
CSPs that offer Cloud Services that meet the criteria necessary to ensure a smooth data migration. Certification
allows the CSP to provide commitments on aspects such as security, and privacy, portability and
interoperability enabling a CSP to pick a suitable CSP.
The level of complexity in this scenario will obviously depend on the type of data that is subject to migration. Data
transfer of critical and sensitive information will obviously require more attention and most likely more work than
migration of low value and non-critical data. When planning for the data transfer, existing data classification and data
categorizations might provide valuable reference points for assessing the workload and subsequent activities needed for
the transfer. The data volume and the infrastructure (such as available bandwidth) also factor in.
Core concepts covered by the scenario:
Disclaimer: please note that the core concepts (cross cutting aspects) presented in this clause are examples of concerns.
Other concerns might also be relevant. The list of core concepts is presented to illustrate the issue presented in the
respective clauses, without the intention to provide an exhaustive and complete list of core concepts.
Data Portability, Data Integrity, Data Protection, Interoperability (primary semantic and syntactical), Certification,
Identity and Access Management (IAM), Cloud SLA.
Other aspects:
Contract, Conformance, legislations/legality.
ETSI
15 ETSI SR 003 391 V2.1.1 (2016-02)
Conclusions and remarks:
This scenario exposes the many facets of data po
...