The MUSA project provides an integrated tool framework for DevOps and Agile engineering of (multi-)cloud-based applications, addressing security in all its phases: design, deployment and operation.
The framework supports risk analysis and selection of secure cloud services, and is able to automatically deploy and monitor distributed components and create an application Service Level Agreement.
The main targeted users are DevOps teams covering four main roles:
- Application developers (including architects) that need tools to easily design multi-cloud applications, not only according to functional features, but also taking security features such as data confidentiality, data integrity, data access and data location into account. They also require security mechanisms implemented in the applications, to enforce security at runtime.
- System operators that need to exploit cloud service combinations as much as possible and require tools to automatically select the best combinations, based on the functional and security needs of the application, and to automatically deploy the appropriate components.
- Service administrators that need to monitor the correct operation of the application (fulfilment of SLA), including the security features, in order to react to security incidents as soon as possible and to keep the users properly informed.
- Business managers that have overall responsibility for the business aspects of offering cloud services to cloud service customers.
The four roles need tools that together can better integrate a seamless assurance of security in the applications.
The main goal of MUSA is to support the control of security in distributed applications over heterogeneous cloud resources, through a security framework that includes methods and tools for integrated security assurance in both engineering and operation.
The main features on offer ease the processes of:
- Multi-disciplinary risk analysis to better identify the required security controls in the application components.
- Selection of cloud services by taking into account the security controls that the services have to offer.
- Automation of the creation of the SLA requirements of the application by composing the SLA requirements of the distributed components.
- Automation of the deployment of the distributed components in heterogeneous cloud services.
- Automation of the monitoring and enforcement of the security behaviour granted in the SLA through the use of agents within the application components.
All these processes will be seamlessly integrated in a unique Kanban-style Dashboard that is able to encompass a number of tools that can also be used separately. The framework will reduce time-to-market and shorten the gap between Development and Operations for a timely reaction to security incidents at runtime.
Data security incidents in multi-cloud applications will be reduced through the assurance of a secure behaviour of individual cloud-based components and the overall application, even if the data is processed and/or stored by untrustworthy or opaque cloud providers.
The cloud consumers’ trust in clouds will be enhanced by the provision of tools for expressing their security needs and keeping them informed on the security and performance faults of the multiple cloud services in use.
Application developers will be able to model the multi-cloud application, based on the functional and security features on offer in the SLA, as well as to embed application component mechanisms to enforce security at runtime.
System operators will be able to automatically discover and select the best cloud service combinations by balancing performance and security.
Service administrators can assure the secure behaviour of multi-cloud applications and minimize the security risks while keeping the users informed.
Business managers will be able to make better-informed decisions when selecting cloud services.