aceec15371
Better follow conventions, especially: * remove Latinism like via and i.e. * use variable lists * Add missing <filename> * wrap long lines Change-Id: I2a537df78ddf4fbeb127b058bf05caaf42441d5f
83 lines
3.2 KiB
XML
83 lines
3.2 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<chapter xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns="http://docbook.org/ns/docbook"
|
|
version="5.0"
|
|
xml:id="ch049_case-studies-tenant-data">
|
|
<?dbhtml stop-chunking?>
|
|
<title>Case studies: tenant data</title>
|
|
<para>
|
|
Returning to Alice and Bob, we will use this section to dive
|
|
into their particular tenant data privacy
|
|
requirements. Specifically, we will look into how Alice and Bob
|
|
both handle tenant data, data destruction, and data
|
|
encryption.
|
|
</para>
|
|
<section xml:id="ch049_case-studies-tenant-data-idp44416">
|
|
<title>Alice's private cloud</title>
|
|
<para>
|
|
As stated during the introduction to Alice's case study, data
|
|
protection is of an extremely high priority. She needs to
|
|
ensure that a compromise of one tenant's data does not cause
|
|
loss of other tenant data. She also has strong regulator
|
|
requirements that require documentation of data destruction
|
|
activities. Alice does this using the following:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Establishing procedures to sanitize tenant data when
|
|
a program or project ends.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Track the destruction of both the tenant data and
|
|
metadata through ticketing in a CMDB.</para>
|
|
</listitem>
|
|
<listitem><para>For Volume storage:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Physical server issues</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>To provide secure ephemeral instance storage,
|
|
Alice implements qcow2 files on an encrypted
|
|
filesystem.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
<section xml:id="ch049_case-studies-tenant-data-idp51856">
|
|
<title>Bob's public cloud</title>
|
|
<para>
|
|
As stated during the introduction to Bob's case study, tenant
|
|
privacy is of an extremely high priority. In addition to the
|
|
requirements and actions Bob will take to isolate tenants from
|
|
one another at the infrastructure layer, Bob also needs to
|
|
provide assurances for tenant data privacy. Bob does this
|
|
using the following:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Establishing procedures to sanitize customer data
|
|
when a customer churns.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Track the destruction of both the customer data and
|
|
metadata through ticketing in a CMDB.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>For Volume storage:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Physical server issues</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>To provide secure ephemeral instance storage, Bob
|
|
implements qcow2 files on an encrypted filesystems.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</section>
|
|
</chapter>
|