An overlapping relationship can be identified between the transparency categories and the deployment practices. It could be argued that some CSPs provide information that actually corresponds to their environment, while a proportion plausibly opt to provide false information to keep pace with market competition, and others may attempt to conceal damaging information that could affect their reputation.
[Figure 4.3: Security Transparency branches into three categories, Proactive, Reactive and Contractual; Proactive and Reactive each map to both the Opaque and Explicit deployment practices, while Contractual maps to Explicit only.]
Figure 4.3 Relationship between transparency categories and deployment practices.
Figure 4.3 illustrates how each security transparency category is associated with one or both of the two deployment practices. For instance, a CSP may proactively provide transparency through security whitepapers regarding the security and compliance measures it has in place to protect customer assets. In doing so, the CSP may deploy an explicit security transparency practice, providing detailed information on its existing monitoring and prevention controls against attacks, malware and other unauthorized activities while refraining from disclosures that would expose it to risk. Alternatively, it may deploy an opaque transparency practice, stating that security controls exist in a way that either fails to capture the actual state of those controls or is presented in an ambiguous form. Moreover, it is argued here that contractual security transparency is mainly associated with the explicit deployment practice. This argument is supported by the fact that contracts are enforced by law and become legally binding once an agreement is reached between the CSP and the user. Thus, a CSP is less likely to provide non-transparent or ambiguous contractual disclosures, since these could have legal ramifications and consequently oblige it to indemnify its customers.
4.10 Summary
This chapter provided the fundamental properties and basics of security transparency. It presented a new definition of security transparency from a cloud computing perspective and identified essential areas of focus for security transparency in the cloud. It also set out the reasons for ensuring security transparency and how transparency can support businesses. The chapter discussed the salient properties of cloud security transparency, such as auditability, accountability and assurance, as well as the barriers that hinder transparency. Further, the principles and categories of security transparency were introduced, which provide the basis for developing the CSTF. Importantly, the chapter introduced the security transparency deployment practices, which are also used in determining the level of security transparency offered by CSPs.
CHAPTER FIVE
Cloud Security Transparency Framework
5.1 Introduction
In this chapter, an overview of the security transparency and audit framework is presented. The term framework is used in various domains, such as information systems design, business process modelling and software engineering. By definition, a framework is a holistic set of abstracted ideas or rules that can be used to deal with or solve a particular problem (Succar, 2009). From a software engineering perspective, a framework is defined as a set of classes that embodies an abstract design for solutions to a family of related problems (Johnson and Foote, 1988). In general terms, a framework is defined as a set of concepts that lay out key factors, constructs or variables and the presumed relationships among them (Zachman, 1987).
The motivation for adopting a framework-oriented approach in this research is that it ensures a thorough elucidation and a manageable implementation of conceptual ideas. It also helps in identifying and connecting conceptual components to ensure consistency, efficiency and effectiveness, and in identifying the interrelationships between these components. Therefore, the cloud security transparency framework presented in this chapter provides a logical representation and interrelation of the salient concepts that are necessary for implementing the proposed solution. It follows three different levels of abstraction, each with its associated concepts. These levels build the bridge between the concepts necessary for transparency and the organizational settings and technical means for their implementation.
Additionally, the framework incorporates a number of techniques for enhancing security transparency and concentrates on providing a comprehensive means of auditing assets outsourced to the cloud. It takes a high-level set of concepts, decomposes them and associates them with each other to provide a level of detail that allows for clarity in implementation. To achieve coherence and consistency in the framework, concepts are modelled using a well-known requirements engineering methodology, Secure Tropos (Mouratidis and Giorgini, 2007), which is based on the i* modelling framework (Yu, 1997) and uses the concepts of actors, goals and social dependencies to define the obligations of actors (dependees) to other actors (dependers). Secure Tropos adds concepts such as constraints, security constraints, secure dependencies and secure goals. In this way, concepts from Secure Tropos are considered and extended in identifying and forming the concepts of the framework.
In addition, a common vocabulary based on ontologies is used, which provides a reliable means of achieving the desired objective of the framework. An ontology is defined as an explicit specification of a conceptualisation, which can be viewed as an abstract, simplified view of the world that is to be represented for some purpose (Gruber, 1993). Ontologies are generally used for two purposes: knowledge representation and knowledge retrieval. Ontologies also provide supplementary benefits such as reuse of domain knowledge, making domain assumptions explicit, and enabling analysis of domain knowledge (Spyns et al., 2002). The ontology-based approach enables the definition of concepts and their dependencies in a more understandable way. In summary, the reasons for adopting an ontological approach in developing the framework are that an ontology ensures a coherent conceptualisation of real-world domains, enables the specification of semantic relationships between concepts, and provides a common understanding of the structured associations between different concepts.