When it comes to cloud services, infrastructure as a service (IaaS) finds its place near the top of the list. Many organizations partner with cloud providers to access virtual machines (VMs), cloud storage and database management systems (DBMS), and these resources are accessed via the service provider’s virtual infrastructure.
When using IaaS, though, organizations must also consider their own security requirements. Organizations rely on several protection options to ensure the best security. But often they lack the proper information to decide which solutions best meet their needs.
To help clarify the available options for security, the National Institute of Standards and Technology (NIST) has created a document that outlines the various protection options and provides analysis based on two points:
- Security functionality provided
- The type of architecture used to provide the service
The paper is available for download in our IT Downloads area, under the title, “Protection Options for Virtualized Infrastructures in IaaS Cloud.”https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
The document is in PDF format and is divided into nine sections, including the Introduction and Conclusion and Benefits. The main sections involve identifying the use cases and delving into each case’s security requirements. Then, the section provides the protection options that fit those requirements. The use cases included are:
- Checking out VM images
- Configuring VM instance OS (Guest OS)
- Configuring virus/malware protection for VM instance
- Configuring VM instance access protection
- Configuring VM instance isolation
- Comprehensive data protection in IaaS cloud service
This document provides cloud service providers and organizations that consume cloud services with a detailed background of security situations for many use cases. It gives administrators the information needed to make educated decisions on the best security provisions for their use and can bring about important dialogue between the organization and the provider. It will help both sides find and provide the right security protection for their unique use cases.