Towards a Security Management Reference Model for Vertical and Horizontal Collaborative Clouds

The re-perimeterization and the erosion of trust boundaries already happening in organizations is amplified and accelerated by Cloud Computing. Security controls in Cloud Computing are, for the most part, no different from security controls in any IT environment from a functional perspective. However, because of the Cloud service models employed, the operational models, and the technologies used to enable Cloud services, Cloud Computing may present different risks and additional requirements to an organization than traditional IT solutions. This paper focuses on security management issues for vertical and horizontal Collaborative Clouds. Based on a detailed and comprehensive analysis of requirement domains, currently offered solutions, security management objects that have to be managed, integrated or adopted, we introduce a Cloud Security Management Reference Model (CSMRM), integrating various Cloud security services of an organization and providing interoperability to identified stakeholders. This new model adopts the Security Management Infrastructure (SMI) approach and establishes the basis for a global and consistent management of the Cloud security infrastructure according to organizational goals.