Professional Documents
Culture Documents
Our Teams
During its early days, the idea was defined in many ways by different sections of people as they presented
it from their respective view points. Academicians, computer engineers, system architects, software
developers, and consumers had their own ideas and suggestions about the models for this new approach
of computing.
Any technology needs a standard model for the conveniences of understanding uniformity.
4.1.1 The NIST Model
The most appreciated and accepted model of cloud computing was provided by the National Institute of
Standards and Technology (NIST) of U.S. The model was published in a document titled as ‘NIST Cloud
Computing Reference Architecture’ by Information Technology Laboratory of NIST in 2011. Following is the
statement by the NIST: “Cloud computing is a model for enabling ubiquitous, convenient, on-demand
network access to a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications and services) that can be rapidly provisioned and released with minimal management effort
or service provider interaction. This cloud model is comprised of five essential characteristics, three service
models, and four deployment models.”
4.1.1.1 Deployment and Service Models
The NIST model of cloud computing separates cloud computing in two categories. One category is based on the operational or
deployment pattern of the cloud and the other one is based on the nature of service that the cloud provides.
NIST defines cloud computing by describing five essential characteristics, three cloud service models and four cloud deployment models
4.1.1.2 Essential Characteristics
The NIST model of cloud computing comprises five essential characteristics or requirements, which differentiates the cloud model from
traditional computing approach.
- On-demand self-service
Cloud computing service is delivered by third-party service provider as per users’ demand.
- Resource pooling
Cloud vendors maintain pools of computing resources to support all users’ computing need.
- Broad network access
Rapid provisioning and release of resources is critical for building a low cost computing facility
- Measured service
The metering of actual resource consumption dramatically reduces the cost of computing since users are no more charged for any idle resources
4.1.1.3 Multi-tenancy
The NIST model does not include multi-tenancy as an essential characteristic of cloud
computing model.
All of three computing models as cluster, grid and cloud are distributed in nature and share many similar
characteristics. The study of the five essential characteristics of cloud computing in cluster and grid
architecture makes this new paradigm easier to be compared with former computing models. Table 4.1
summarizes the whole thing.
4.1.2 The Reference Architecture
The NIST cloud computing reference architecture focusses on ‘what’ cloud services must provide, not ‘how to’
implement solution.
4.1.2.1 The Actors and Their Roles
The NIST cloud computing model describes five major actors as shown in Figure 4.3. These actors play key
roles in the cloud computing business. Each actor in the reference model is actually an entity; that is, either
a person or an organization. The entities perform some tasks by participating in transactions or processes.
Cloud broker establishes and eases the interaction between consumers and providers
Private cloud does not support multi-tenancy and thus cannot offer much in terms of cost efficiency. But, it ensures more
security and privacy of data.
4.1.1.3 Multi-tenancy
The NIST model does not include multi-tenancy as an essential characteristic of cloud
computing model.
Community cloud provides advantages of public cloud deployment combining with the promise of private
cloud like security and privacy of data.
4.2.4 Hybrid Cloud
A hybrid cloud is generally created by combining private or community deployment with public cloud
deployment together. This deployment model helps businesses to take advantage of private or community
cloud by storing critical applications and data.
Cloud deployment states how exclusively a cloud consumer can use the computing resources.
The choice of appropriate cloud deployment depends on several factors. It largely depends on the business needs
and also on the size and IT maturity of consumer organization. Consumers should analyze the pros and cons of
on-premises and off-premises deployment options and must be careful before selecting a cloud deployment
model as different deployments are best fitted for serving different requirements. Business need and security
need (especially that of data) are two important factors which play significant role in the decision making.
To select the appropriate cloud deployment model, one will have to assess the business needs, strengths and
weaknesses of a model, privacy/security requirements and goals of the organization.
4.3.1 Economies of Scale
Public cloud deployment is most economical for consumers among different deployments
❖ The globally-accepted definition and model for cloud computing came from the National Institute of Standards and Technology (NIST), United
States. The definition divides cloud computing into two separate categories: cloud deployment and cloud service.
❖ The NIST model specifies the essential characteristics which have to be taken care of while building cloud. It says that the cloud computing
should have the qualities of on-demand self service, resource pooling, broad network access, rapid elasticity and measured services.
❖ Apart from the five characteristics identified by NIST as essential, multi-tenancy is also being considered an important feature of cloud
computing, especially for public cloud.
❖ The NIST cloud reference architecture also identifies the actors of cloud and defines their roles. Five actors of cloud computing are consumer,
provider, auditor, broker and carrier.
❖ Among different cloud deployments, public cloud provides financial advantages over others and it can be accessed by anyone. Private cloud is
for organizational use and can only be accessed by a limited number of users belonging to a single organization. Hence, it can provide more
protected or restricted computing environment.
❖ Community cloud can be used by multiple consumers belonging to a single community. Hybrid deployment combines public with private (or
community) deployments to maintain a balance and take advantage of both.
❖ The choice of cloud deployment mainly depends on business as well as security needs.
❖ Public cloud is most economic among all of the types of cloud deployments. Generally, the consumers have maximum control over private
cloud deployments
Chapter 5 : Cloud Computing Services
5.1 SERVICE DELIVERY MODELS
Three categories of computing services that people consume from the days of traditional computing have been
already mentioned in the first chapter. They are:
■ Infrastructure Service
■ Platform Service
Cloud computing offers computing infrastructure, platform and application delivered ‘as-aservice’. Those services
are considered as primary cloud computing services and are referred to as:
■ Infrastructure-as-a-Service (IaaS)
■ Platform-as-a-Service (PaaS)
■ Software-as-a-Service (SaaS)
Service layer is the topmost layer of cloud service orchestration
over the resource abstraction and control layer. The service layer
includes three major cloud services as SaaS, PaaS and IaaS. The
PaaS layer resides over IaaS and SaaS layer resides over PaaS. In this
layered architecture, the service of a higher layer is built upon the
capabilities offered by the underlying layers.
Hardware resources in cloud computing are not directly accessible to users. IaaS model provides all hardware
components in virtual mode as virtual processor, virtual storage, virtual switches etc.
5.1.3 Software-as-a-Service
Cloud based software services (SaaS) was matured before the inception of the cloud platform or infrastructure
services.
One point to note here is that there is no functional relation between cloud deployment models and delivery
models. Any delivery model can exist in any deployment scenario and thus any delivery/deployment pairing is
possible. Although, SaaS offerings are mostly public services and hence the SaaS/public combination is more
common than the other combinations
5.4 A TRADITIONAL SYSTEM vs CLOUD SYSTEM MODEL
In traditional computing environment, anyone interested to work at a layer will have the responsibility of
managing everything down the stack.
Cloud computing takes responsibilities out of customer’s shoulder and hides underlying complexities of
computing system based on at which computing layer a customer works.
ASP model of the 1990s was the first attempt for Internet-delivery of software but comparatively it was more
similar to the traditional application model than the SaaS model
5.5.1 ASP model versus SaaS model
5.5.2 Benefits of SaaS over Traditional Applications
Among all of the cloud services, SaaS is the most popular and its adoptability rate is very high. SaaS leverages all of the
advantages of cloud computing. Apart from the core cloud features, SaaS applications provide visible benefits to the end
users along different dimensions in comparison with traditional on-premises applications.
■ Licensing
■ Business focus
This type of instance sometimes creates confusion regarding the classification among services, where a vendor started
with SaaS offerings and then expanded its sphere by offering PaaS. Force.com is the PaaS offering platform created from
Salesforce.com for developing services by consumers. Using Force.com, consumers can develop functionalities as per the
requirements and add those with Salesforce.com’s SaaS offerings.
All of the additional cloud services are part of some of three primary cloud services but many vendors offer security-
management-service as a separate cloud service offering
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.
5.7.3 Storage-as-a-Service
Data storage service in cloud falls under IaaS service layer by definition.
5.7.4 Database-as-a-Service
Database-as-a-Service is considered as a special category of PaaS.
5.7.6 Compliance-as-a-Service
Compliance is an issue of concern that appears with cloud computing. It is related with the fulfillment of the laws of
the countries or regions where business is somehow linked through the cloud. Managing the compliance issues is a
complex matter and needs for considerable expertise.
5.7.7 Desktop-as-a-Service
Here comes the use of Desktop-as-a-service (DaaS). There are cloud service providers who delivers personalized
desktop environments to users as service. This allows users to enjoy the benefits of their personal desktop
environment irrespective of the cloud access devices. This is also referred to as virtual desktop or hosted desktop.
5.7.8 Monitoring-as-a-Service
Performance monitoring is another important aspect of computing systems. Cloud vendors offer this as a service
known as Monitoring-as-a-Service (MaaS). It monitors functionalities and performances of various cloud services.
MaaS can be used to track some specified states of applications, storage, network etc. Enterprises even employ
multiple MaaS solutions for the interest of business. Adopting performance monitoring as a service allows
enterprises to take appropriate measures to maximize performance and business. For example, the average
response time measured during a period might be evaluated to see if this deviates from an acceptable value.
Administrators can later take action to rectify the issue or even respond in real time scenario.
5.8 OPEN CLOUD SERVICES
During its initial days, all cloud computing services were proprietary. In 1999, Salesforce.com set milestone with their
SaaS services. Next Amazon launched a suite of cloud-based services in 2002. Later on Google, Microsoft, VMware and
many other companies have launched one or more of the cloud computing services. Among them, Amazon is considered
as pioneer in IaaS, the efforts of Google are mainly focused on SaaS and PaaS delivery and later on, Microsoft chose the
PaaS and SaaS as the core of their interests.
As time passed, open-source communities came up with their own solutions. Unlike the public cloud services of giant
facilitators like Salesforce.com, Amazon, Google, Microsoft and else, this community mainly focusses on the private cloud
arena. Different open-source technologies have powered many of these solutions. Eucalyptus, Nebula, Nimbus are some
eminent examples of open-source cloud solutions which can be used to create the cloud computing environment.
Eucalyptus, Nebula, Nimbus, OpenStack, CloudStack are few examples of popular open cloud solutions which are mainly
used to build private cloud environments
SUMMARY
❖ Cloud computing delivers different computing facilities to consumers as utility services. NIST model divides these services primarily into three
categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).
❖ The three service models (SaaS-PaaS-IaaS) together are known as SPI model of cloud. IaaS provides infrastructure like server, storage and
network facilities; PaaS provides application development and deployment environments and SaaS delivers software applications.
❖ PaaS layer interacts/communicates with the underlying IaaS layer by using the set of APIs (application program interface) provided by
respective IaaS solutions.
❖ Computing vendors have launched many other specialized cloud services which ultimately fall under these three primary services of SPI
model.
❖ Offerings like Security Management-as-a-Service, Storage-as-a-Service, Database-as-a-Service have shown high rate of adoptability among the
consumers.
❖ Salesforce.com is a popular commercial SaaS offering for enterprises that was pioneer among early cloud services and was launched towards
the end of the last century. It delivers customer relationship management (CRM) solutions.
❖ Apart from proprietary cloud service offerings from vendors like Salesforce.com, Amazon, Google, many open-source communities have also
come up with their own solutions.
❖ Eucalyptus, Nebula, Nimbus, OpenStack, CloudStack are few examples of popular open cloud solutions which are mainly used to build private
cloud environments.
❖ Open cloud solutions which are compatible with some public cloud service systems can be used to create hybrid cloud environment. For
Chapter 6 : Security Refrence Model
Security is one of the topmost concerns of any computing model and cloud computing is no exception. Consumers
or enterprises moving into cloud need to feel secure about their computing facilities and more importantly about
the data they are disclosing to service providers. This is a critical choice for enterprises accustomed to safeguarding
data sitting in their own centers in the traditional way of computing. Cloud computing promotes the concept of
working on proprietary data and applications outside their jurisdiction.
working on proprietary data and applications outside their jurisdiction. It is often said that, ‘cloud computing is an
excellent idea, but cloud security is not good’. The common perception is that the cloud services are not inherently
secure. Cloud computing creates scope for scores of possibilities although like any other technology, there are some
risks associated with it which can be overcome if understood correctly
If studied and designed appropriately, cloud computing causes no more threat to security than what exist in
traditional computing.
6.1 THE SECURITY CONCERN IN CLOUD
Traditional computing systems used to create a security boundary by placing firewalls at the gateways through
which the network used to communicate with the outer world. Firewall blocks unwanted traffic trying to access
the network it protects and thus only authenticated accesses are allowed into the system. Thus, malicious
accesses get blocked at firewalls in the traditional data centers in order to keep the system protected from
outside threats.
But this strategy only makes sense when all applications and data reside within one network of security
perimeter. Traditional data centers allow perimeterized (i.e. within organization’s own network boundary or
perimeter) access to computing resources. But, the de-perimeterization (to open-up the interaction with outer
network) and erosion of trust boundaries that was happening in enterprise applications, have been amplified and
accelerated by cloud computing.
Cloud computing moves beyond the concept of working inside protected network boundary.
6.2 CLOUD SECURITY WORKING GROUPS
Many organizations and groups have worked separately on developing a cloud security model over the years.
They focused on different cloud security aspects and all of these efforts put together have contributed in
developing a model to address security standards in cloud computing. This section discusses the efforts of two
such bodies who have contributed the most in this development.
The Cloud Security Alliance (CSA) is an organization focused on the promotion of a secured cloud computing environment.
Document titled ‘Security Guidance for Critical Areas of Focus in Cloud Computing’, released by CSA, has been considered as
vital testimonial on cloud computing security.
CSA’s initiatives and expertise have enriched the cloud computing world in many ways. A cloud security certification program
for users was launched by CSA in 2010 which was first of its kind. They also offered a certification program for service
providers known as ‘CSA Security, Trust and Assurance Registry’ (STAR) for self-assessment of providers which can be
conducted by several CSA-authorized third-party agencies.
Security certification programs offered by CSA can develop confidence among cloud service providers as well as consumers.
6.2.2 Jericho Forum Group
Jericho Forum was an international consortium formed with the objective of addressing concerns related to de-
perimeterized computing environment
Analyst firm Gartner published a report titled as ‘Assessing the Security Risks of Cloud Computing’ in 2008. The
report focussed on seven security issues which should be analyzed while moving into cloud. These seven issues can
be considered as the elements for designing good security policy in computing. Cloud consumers must query to the
service providers regarding these issues and ensure maximum protection and security
Gartner advices consumers to seek utmost transparent reviews related to seven specific issues from service providers before
moving into cloud
The cloud computing community and many organizations working in the field of network security were working for
years to develop a model to address cloud security. Many among these organizations, unofficial groups and
researchers proposed different models for the purpose.
The Jericho Forum group, which was working to find solution for the de-perimeterization problem, came up with a
model called ‘Cloud Cube Model’ to address this issue. This cube model has gained global acceptance by the experts
and is considered as the security reference model for cloud computing. The Cloud Cube Model suggested by Jericho
Forum has considered the multi-dimensional elements of cloud computing and appropriately suggested how to
approach towards its security
6.4.1.1 Primary Objectives
■ To represent different formations of clouds. ■ To highlight the key characteristics of each cloud formation. ■ To
represent the benefits and risks associated with each form of cloud. ■ To focus that traditional non-cloud
approach is not totally obsolete and may sometimes be a suitable choice for operating the particular business
functions. ■ To present a roadmap for more detailed study and to make the environment more secure.
■ Whether data will be stored internally within physical boundary of the organization or to some external location? ■ Will the cloud be
formed using proprietary technology (technology that is property of someone) of some computing firm or by using open technology
that is open to everyone for use? It is to note that, here ‘technology’ means ‘cloud technology’ or operating standard of cloud. ■
Whether the cloud will operate within organization’s network boundary (the logical security perimeter) only or outside the boundary
also? ■ Will the development and maintenance of the cloud service be outsourced to some third party or will be done with in-house
team?
According to Jericho Forum’s model, there can be 16 (sixteen) different types of cloud formations
6.4.1.3 The Dimensions
Data boundary aspect determines physical storage location of organizations’ own data.
The ownership of technology (proprietary/open) determines the degree of interoperability among different cloud services.
The four basic cloud formations as Internal/Proprietary, Internal/Open, External/Proprietary and External/Open can either be
Perimeterized or De-perimeterized.
In-sourcing of service does not mean better security. Security of cloud service largely depends on the expertise of the delivery team.
Collaboration is the tune of cloud based business systems. Both consumers and service providers have their share of
responsibilities in ensuring adequate security of a cloud system. Security perspectives have to be measured
appropriately to strengthen this protection before moving into cloud. Cloud security reference model provides
guidance in performing this analysis.
Cloud computing causes no more security concerns over traditional computing. Moreover adoption of reputed public
cloud services for appropriate application can be of more trustworthy.
6.6 SECURITY POLICY
Security policies are the sets of documentations that guide for reliable security implementation in a system. Applicable
standards and guidelines flow to the subsequent levels from this policy documentations defined by the highest level
authority.
Along with system related security policy, enterprises should take care of regulatory policy too.
‘Trusted Computing’ is a term that refers to technologies, design and policies to develop a highly secure and reliable
computing system. Though cloud computing empowers users and enterprises by providing utility computing service
on-demand, a lack of trust between cloud service consumers and providers may prevent the widespread acceptance
of these cloud services. To increase the adoption of cloud services, cloud service providers must establish trust initially
and ensure security to ease the worries of a large number of consumers
Trusted cloud computing can be viewed as a way to ensure that the system acts in a predictable manner as intended
6.7.1 How to Make a Cloud Service Trusted
Reputation or trust building is a time taking process and larger cloud providers have already taken measures
to establish this trust.
SUMMARY
❖ Cloud computing expands itself beyond the traditional perimeterized access to resources in computing. Here, the collaboration is the tune and
thus de-perimeterization is integral.
❖ Apart from de-perimeterization, external or off-premises access to resources also brings security concerns for cloud service consumers.
❖ Several groups and organizations have worked over the years to introduce best practices and a standard security model for cloud computing.
Cloud Security Alliance and Jericho Forum are pioneers among them.
❖ Jericho Forum’s Cloud Cube Model, introduced in 2009, has been accepted as the standard model for cloud security. The model clearly
distinguishes different formations of cloud and focuses on the benefits and risks associated with each form.
❖ Cloud cube model talks about four issues or dimensions while forming cloud environment and represents those four dimensions through the
uses of a three-dimensional cube.
❖ The cube model represents sixteen (16) different formations of cloud. Consumers must analyze their needs and select the most suitable cloud
for their requirement from those suggested by Jericho Forum.
❖ With appropriate choice of cloud for computing needs of customers and security, the outcome can be better than that of traditional computing.
❖ There can be no comparison of traditional outsourcing with cloud outsourcing when cloud service is delivered by globally reputed computing
vendors, rather than by IT service companies as in traditional computing.
❖ Service providers should take appropriate measures to develop trust among consumers about their cloud environment. Acquiring security
certifications through an audit conducted by some external agency may enhance this trust regarding the service among consumers
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.
5.7.1 Security Management-as-a-Service
Security management is an integral part of any cloud service offering like SaaS and PaaS. But, at the same time,
the vendors having expertise on security management, offer the service as separate cloud service. This cloud
service is known as ‘Security Management-asa-Service’. Cloud service consumers can opt for some Security
Management-as-a-Service offering to delegate the responsibilities of all of the security related issues of their
computing environments. Eminent vendors providing this service include Cisco, McAfee, Symantec and others
Identity management in cloud computing is a critical job. Identity management for any application requires robust
authentication, authorization and access-control mechanisms. Authentication and authorization are maintained
through some user-identification techniques and passwords respectively. Many advanced techniques like federated
identity, identity governance, auditing, single sign-on etc. are used with applications nowadays for the purpose.
Although, the identity management is an integral part of all of the cloud services, a number of vendors separately
offer identity management-as-a-service that can be incorporated with other cloud services for managing user
identity. Examples of such services include Symplified, Ping Identity and others.