Systems Engineering Integration and Test Challenges due to Security Measures in a Cloud‐Based System

Abstract

AbstractCloud based systems have become popular with company's Chief Information Officers and Chief Technical Officers due to their ability to support a wide range of Web based applications and services including; scalability to allow users to increase/decrease their cloud footprint real time based on demand, load balancing to optimize computing performance, and failover which allows processing/memory assets to be reassigned real time when a failure is detected or predicted on the current processing assets. In addition, organizations can lower their Information Technology (IT) costs by deferring their infrastructure maintenance/costs to the Cloud Service Provider (CSP). However, Cloud‐based security threats and mitigations are well documented in literature, and address multiple client side, network, and cloud side (service/application and data) vulnerabilities. Defined mitigations include the use of access control, encryption, key management, digital signatures, and intrusion detection/prevention systems to yield a secure cloud‐based system. Implementing these security measures adds significant system functionality to the already complex cloud‐based system that must be assessed by the system architect. The additional requirements and development must be managed by the systems engineering team, and the increased integration and test must be addressed by the systems engineering integration and test lead. This paper will highlight the scope growth realized when a system interfaces into the cloud, relative to equivalent non‐cloud based systems. The added scope will be shown to include the development, integration and test of security related hardware and software configuration items, development of significant integrated test equipment/test vectors to verify the security functionality over a wide range of conditions, multiple cooperative systems/software led activities to analyze and test software throughout its development, and the system accreditation efforts to get authorization to tie into the cloud. With this information, the systems engineering leads will have a better understanding of the challenges involved with integrating and testing a cloud‐based system and can then properly plan and budget for this activity. This paper will focus specifically on a public cloud based implementation. Hybrid and private cloud implementations will not be addressed herein.