This thesis is based around the question whether cloud platforms are secure enough to satisfy enterprises’ main security requirements?
In order to answer this question, multiple business and technical aspects need to be assessed and taken into account. To analyze business perspectives, a market analysis on customer needs, platform alternatives and available service providers has been conducted. Technology-related issues were identified by a technology drill-down on possible theoretical threats affecting the overall security of the platform.
A secure cloud implementation was defined as a secondary objective of the project, where security countermeasures needed to be incorporated to provide protection against previously identified security threats. Therefore a 4 physical machine cloud system was implemented with OpenStack-based cloud management layer. Network, hypervisor, administration and guest instance level technical solutions have also been combined into the system design to achieve higher security.
Furthermore, a measurement toolkit was developed for cloud infrastructure workload testing and guest level performance and availability assessment purposes. The previously implemented cloud infrastructure and two public cloud services have been evaluated through this toolkit.
As a final step, the original question was answered by summarizing when can customer systems be migrated to cloud platforms, and in what cases should it be discouraged.