Security Management Areas in the Inter-cloud

Within the context of Cloud Computing, one of the most important security challenges is to manage and assure a secure usage over multi-provider Inter-Cloud environments with dedicated communication infrastructures, security mechanisms, processes and policies. The aim of Security controls in Cloud computing is, for the most part, no different than security controls in any IT environment from a functional security management perspective. The adaption and reuse of existing traditional security management areas that have to be enhanced for specific Cloud computing requirements(e.g., dynamic reconfiguration, distributed services, etc.), is proposed. Based on the collection of various Inter-Cloud use cases and scenarios within the private and public sector like DMTF (Distributed Management Task Force), NIST (National Institute of Standards and Technology), GICTF (Global Inter-Cloud Technology Forum) and ENISA (European Network and Information Security Agency) we analyzed and summarized the range of requirements for security management. As these requirements are not yet fulfilled by current security management approaches, we derived a set of security management areas that describe all identified functional aspects. This set will serve as a foundation of our future development towards a security management architecture for the Inter-Cloud.