
Cyber Security & Strategy

  • Data volume, velocity
    Customer 360
    Predictive and Prescriptive Analytics

Surreytech product & innovations

Surreytech has used its expertise in Europe and implemented solutions for challenges found in many public and private sector organisations in the UK, France and Sri Lanka. In the UK, Surreytech is part of the UK government digital partners and has delivered key systems to public organisations.

Surreytech Cyber security services

  • Information security Assessment
  • Cyber security Assessment
  • Organisation Cyber Essential check
  • Disaster Response Services

Separation and cloud security

Deployment models and service models

When assessing the separation measures of a given cloud service, two factors determine your security and assurance requirements: the deployment model and the service model.

We have isolated three deployment models: public cloud, community cloud and private cloud deployments.

And three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

We’ll look at deployment models first, then move on to consider the separation requirements of the various service models. The concluding section summarises the risks associated with each of the service models.

Public Cloud

Public cloud services can normally be accessed by anyone in possession of a credit card. For some services, an email address is all that’s required to access free trial versions.

So, if you are using a public cloud service, you have to accept that your adversaries can legitimately purchase a service ‘next door’ to yours.

In such instances, you probably want a high level of confidence in the controls separating your data from that of others.

Community Cloud

Community cloud services host users from a specific community, such as the public sector.

These communities often have a shared risk appetite and generally expect members to conform to an agreed minimum standard or legal agreement.

Community cloud providers can often tailor their offerings to match community requirements. For example, a service provider could choose to meet specific UK government standards for personnel security screening, or conform to the required standard to connect to a government community network. These tailored offerings can sometimes reduce risks relating to one or more of the cloud security principles.

Private Cloud

Private cloud services are deployed to support a single organisation. They normally offer the ability to tailor the architecture to meet specific security and business requirements. For example, if all consumers of the service are well known and low risk, then the level of assurance in separation required may be low.

For processing untrusted (possibly malicious) or very sensitive data you may require higher confidence in the separation controls. You will need to manage, monitor and maintain the infrastructure, unless an agreement exists with the cloud service provider to do this.

In many situations a private cloud service will operate within a single security domain (for example providing a virtual desktop, or test and development resources). In such scenarios, the cloud platform is simply another part of the enterprise IT environment and should be configured, managed and monitored as such.

Which Cloud?

Infrastructure as a Service (IaaS)

Offerings implemented using hardware virtualisation and leading virtualisation products can provide a good level of separation between workloads and data in community and public cloud platforms.

However, like all complex software, IaaS offerings will never be free from vulnerabilities and the risks that these bring.

IaaS services also place a much greater burden on the user to configure and operate them well.

Platform as a Service (PaaS)

PaaS offerings tend to have a larger attack surface than IaaS offerings since the separation between users is normally provided in higher level software rather than by a hypervisor. Community cloud PaaS offerings may provide some additional comfort for users where an acceptable use policy is in place that has been designed to reduce the risk of malicious workloads.

PaaS technologies are evolving rapidly and you should regularly verify that your platform choice meets your business and security needs.

Software as a Service (SaaS)

SaaS offerings tend to implement separation at a higher level than both IaaS and PaaS, meaning the potential attack surface for a would-be attacker is much greater.

Unless architected well, these services will often present a potentially higher risk than deploying software packages for a dedicated user within an IaaS or PaaS service.

Our Business reference models

Surreytech has worked with many domains and has experience in operations and operating models. We use this experience to ensure clients' visions are realised and succeed, collaborating with the client and defining success via journeys.