STRATEGIC is applying a click to secure policy to the Service Store. Click to secure is an approach that is designed to allow STRATEGIC customers to own security and protection of their applications. This solution is adapted to environment, such as STRATEGIC, that can target multiple clouds.

Conventionally, Cloud Services are divided into three categories which are IaaS, PaaS, and SaaS. They reflect the degree to which the customer is responsible for the environment stack. STRATEGIC solution proposes a more flexible framework where customers can benefit from all the functionalities of a PaaS but also, STRATEGIC allows multiple cloud targets to be accessible. This additional level of flexibility singles out STRATEGIC from conventional PaaS providers. However this also has two collateral effects. The first one is the requirement to manage deployment packages (services, or applications), and as a result, security cannot be managed in a single virtualisation environment. Therefore, the second effect is the decoupling of the application level security with the virtualisation platform. Figure 2 highlights the differences between conventional IaaS, PaaS, and SaaS, and STRATEGIC.


Figure : How STRATEGIC differs from conventional IaaS, PaaS, and SaaS

The security layer provided by STRATEGIC cannot be controlled in the same way as a conventional PaaS. This de-coupling in effect transfers the security burden over to the customer. STRATEGIC is addressing this problem by providing a subscription based model for security.

The customer experience has been simplified to subscribe to security components including protection of the Virtual Machines and applications. This includes patching, anti-malware, and anti-intrusion. The same experience is available for data encryption. The customer experience is referred to as click to secure because there is no other interaction required. Equally, customers can click to cancel, or update. In effect subscribing to the BT security features procures a managed security service which is itself highly configurable.

Compared to conventional PaaS, this approach requires customers to select security. This is one additional step that did not exist in single cloud PaaS however, this extra functionality comes with benefits too. It is possible to customise security and choose to either strengthen or cut back on the assurance levels which has an impact on the cost. Also, a level of security can be designed to achieve a particular compliance requirement. Not only have we seen that security services can be deployed to multiple cloud environments, but, they also work as a compliance management tool.

Security Services in the Service Store are integrated by the STRATEGIC administrator. Customers benefits from the security services available without the need to be security savvy. Currently, security services that have been integrated include BT Intelligent protection, and BT Data encryption. These services are scheduled to be implemented in production within 2017 in commercial implementation of BT.