The control of security in cloud computing is not much different than the security controls in any IT environment yet. However, cloud services are “rented” to use, so the operating model and the technology used for cloud services can create new risks compared to traditional IT solutions .
Cloud reference model: Analysis of relationships and dependencies between the cloud computing models is essential to understand the security risks of cloud computing. IaaS is the infrastructure of all services, IaaS and PaaS built on SaaS, PaaS built on. In this manner, the ability of the service on how each other is inherited, then the problems of information security and risk and so on. Note that the service provider cloud commerce may not fit perfectly with a service model by layers above. However, the reference model is important for the relevant services in the real world for an architectural framework and understanding, resources and services requiring security analysis.
Clearly, for each model, the compatibility between the integrated features, complexity, openness (as may be extended) and the ability to ensure security. Typically, SaaS offers many integrated functions, with features extending consumer at least, and a high level of security is integrated (at least the supplier responsible security). PaaS enabling programmers can build their own applications on that platform. Therefore, it is likely to expand more than the features on the SaaS customer. This option allows to expand the features and security capabilities in a flexible manner. IaaS offers few features such as apps, but relatively high scalability. This means that the capabilities and security features built is less, in addition to protecting the infrastructure itself. This model requires the use of cloud management and security of the operating system, applications and content.
For cloud architecture security, the service provider cloud service as ensuring a low (limit levels). The more limit levels are, the greater responsible for managing the security that their customers will have themselves undertaken to ensure the deployment of. The level of service, security, the administration and legal responsibility of the service provider is defined, managed, and must comply with the contract, given the consumer-level agreement service (service Level Agreement – SLA). There are 2 types SLA: negotiation capable and incapable of negotiating. When not done SLA then consumers will control all aspects of the cloud. When an inability SLA negotiation is done, the supplier will be administering the prescribed part of the agreement, administrator of the consumer system will manage the remaining services in the SLA, in PaaS or IaaS case