Architecting security into the clouds: An enterprise security model

Most large corporations and the DoD are moving to implement a common computing environment to support net-centric views, expose authoritative data sources, increase agility, and reduce costs. This cloud environment will provide a commoditized infrastructure, allowing the corporation or agency to gain efficiencies by developing granular mission capabilities that leverage common system mechanisms rather than developing infrastructures to support large individual systems. This approach advocates thin clients for the users, with the service provider delivering services over shared commodity resources. Mobile users are then not only allowed to view large data sets but also empowered to execute large transactions over regionally diversified data sets and computing resources. The technological concept is not new; however, the implementation approach presents a strategic shift in the way organizations provision and manage their IT resources. The protection requirements on the data sets vary depending on the data type, originator, user, and sensitivity level. Additionally, the systems that fuse such data would have to deal with classifying the outcome and clearing the computing resources before a new application is allowed to execute. This indicates that we could end up with a multi-level security system that must follow specific rules and must send its output to a protected network to avoid data spills or contaminated resources. This paper discusses these requirements and their potential impact on the cloud architecture. Additionally, the paper discusses the unexpected advantages of the cloud framework in providing a sophisticated environment for information sharing and data mining.