Journal of Ict Standardization 2-1; Special Issue on Cloud Security and Standardization

The industry has been experiencing the deployment of cloud computing models varying from Private Cloud, Hybrid Cloud to an evolution of InterCloud. There are cloud security implications for each model; and within InterCloud a notion of federation may be implied. How do we define cloud bursting and cloud brokering functions and the security requirements therein? What are the use cases? What is the impact of cloud and virtualization on mobile networks and its services? What is the status of standards activities related to cloud security and these scenarios? Authors were inviteded to submit papers, on these topics for the special issue.Today's Cloud services are deployed by Cloud Service Providers (CSP) via tech- nologies and business architectures at various places in the network and consumed by customers ranging from large enterprises to consumers. Implicit is the notion of federation amongst CSPs to solve use cases such as disaster recovery, burst demands and geographical coverage, as well as federation between provider and customer, also known as hybrid cloud. Current hybrid-cloud offerings are based on static configura- tions and static business relationships between a network and a provider or a series of providers. Intercloud will add flexibility to these relationships so that cloud providers could discover services across multiple providers, agree on a common Service Level agreement or create an auction between CSPs to get the lowest price.Intercloud defines the inter-provider interface (or NNI) between CSPs. In this sense, it is complementary to OpenStack, which focuses on the user-provider in- terface (or UNI). In order to enable cloud interconnection, a complete architecture is under study, which includes a set of available technologies that will be re-used and some new technologies that are under development. The main enablers for a viable inter-cloud architecture are: the development of a service discovery mechanism amongst multiple providers and customers, enabling multiple cloud provider meta- data instantiation, an identity management mechanism between CSPs and real time billing exchange mechanisms. For the industry, as the constructs evolve to hybid and intercloud implementattions, security AND privacy capabilities will contine to be strategic. Concerns articllated in the industry include loss of control and visibility; ser- vice disruption; data security; enterprise isolation and compliance. Cryptography is a fundamental underpinning of nearly all cloud security implementations e.g. emerging homomorphic encryption. Certainly identity management across multiple clouds will also be piovotal.Various standards bodies have been focusing efforts in the development of cloud security architecture e.g• NIST, http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf;• ITU-T, http://www.itu.int/ITU-T/newslog/New+ITU+Standards+On+Cloud+Computing+Security+And+Digital+Object+Architecture.aspx; • IEEE, http://cloudcomputing.ieee.org; and so on.It is with great pleasure that we feature two articles in this special edition:1. Proposed Identity and Access Management in Future Internet (IAMFI): A Be- havioral Modeling Approach by Nancy Ambritta P., Poonam Railkar, Parik- shit N. Mahalle, Department of Computer Engineering, Smt. Kashibai Navale College of Engineering, Pune, India2. Traffic Offload Guideline and Required Year of the 50% Traffic Offloading, by Shozo Komaki, Naoki Ohshima and Hassan Keshavartz. Malaysia-Japan Inter- national Institute of Technology, Universiti Teknologi Malaysia, that addresses wireless cloud and implicit security implications.One can conclude that there is quite a bit of work to do in the cloud security space We will certainly re-visit this topic with best practice guidelines.